AZ-203 정리

*  Azure CLI 명령어 이외의 Azure 명령어는 아래 명령어로 모듈을 설치해야한다.
  - Install-Module -Name Az -AllowClobber

* 파워쉘버전 5 버전 이상이어야 함
  - echo $PSVersionTable.PSVersion

* 교육사이트 추천 : https://www.katacoda.com/

---실습 ---

* Connect-AzAccount -

Account              SubscriptionName      TenantId                             Environment
-------              ----------------      --------                             -----------
junijuniya@naver.com Azure Pass - 스폰서쉽 a3ba6a60-2561-4d3b-9bd0-84f25acd256a AzureCloud

 

* az login 을 해야 구독 ID 가 나타남 (주의)

[
  {
    "cloudName": "AzureCloud",
    "id": "2ca3303c-3b27-4fd9-b768-6b77718f8929",
    "isDefault": true,
    "name": "Azure Pass - 스폰서쉽",
    "state": "Enabled",
    "tenantId": "a3ba6a60-2561-4d3b-9bd0-84f25acd256a",
    "user": {
      "name": "junijuniya@naver.com",
      "type": "user"
    }
  }

 

* C#을 사용하여 Azure에서 Windows VM 생성 및 관리 따라하기

https://docs.microsoft.com/ko-kr/azure/virtual-machines/windows/csharp 

* 방법: Azure PowerShell을 사용하여 인증서로 서비스 주체 만들기
https://docs.microsoft.com/ko-kr/azure/active-directory/develop/howto-authenticate-service-principal-powershell

* self-signed certificate generator (powershell) 파일 다운받아 압축 풀로 한글명 없는 곳으로 위치시킨다.
https://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6

아래 명령어 실행

Import-Module -Name D:\azure\New-SelfSignedCertificateEx.ps1

New-SelfSignedCertificateEx -StoreLocation CurrentUser `
-Subject "CN=exampleapp" `
-KeySpec "Exchange" `
-FriendlyName "exampleapp"

결과

Thumbprint                                Subject
----------                                -------
11513D37E379B415E5667319EBC1043531B00FCC  CN=exampleapp

아래 명령어도 추가로 실행한다.

$cert = Get-ChildItem -path Cert:\CurrentUser\my | where {$PSitem.Subject -eq 'CN=exampleapp' }

11513D37E379B415E5667319EBC1043531B00FCC 파일명으로 인증서 찾아서 위치를 알아낸다.
(위 명령어로 만들어진 인증서 위치 : C:\Users\kjun\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates)

아래 명령어로도 찾을수 있다.

PS C:\WINDOWS\system32> cd  Cert:\CurrentUser\my
PS Cert:\CurrentUser\my> ls
   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint                                Subject
----------                                -------
DC469AF6DA38EDC95A2AF5B824237C1D8BE76861  CN=MyWorking-PC\MyWorking
AE06EEA3946FDE01A9D45C65376DCEEEE4D0E3D8  E=mksong@markany.com, CN=127.0.0.1, OU=MarkAny, O=MarkAny, L=Seoul, S=Seou...
AD07ACBA0DD92B8C9AF4B8C1AD24600EFBF18796  E=vegabon@unidocs.co.kr, CN=127.0.0.1, OU=unidocs, O=unidocs, L=Seoul, S=S...
87CA7511BDAAC82FCC675C3ABC4B8C1BE46D5974  CN=kjun
11513D37E379B415E5667319EBC1043531B00FCC  CN=exampleapp
0B98390FFF231539064B4DCCB825C582297713DA  CN=localhost

 

* azure portal 에서 active directory 만들기 - preview 이용

New registeration 으로 하나 만든다 (디펄트 설정)

만들어진 AD 를 클릭하여 Certificates & secrets 를 클릭

상단의 Upload certificate 버튼을 클릭하여 아까 인증서를 업로드한다.

하단의 New client secret 를 클릭하여 VALUE 를 얻는다. (나중에 KEY 로 사용 - TtTa}.n53qYa9w>5OZ{=VT[=dTUv#dR-)

 

* 콘솔 프로젝트 만들어서  Nuget 콘솔 관리자에서

아래 명령어로 Azure Nuget 설치한다.

Install-Package Microsoft.Azure.Management.Fluent

 

* 추가>새항목 에서 텍스트 파일을 'azureauth.properties' 이름으로 만들어

subscription=<subscription-id>
client=<application-id>
key=<authentication-key>
tenant=<tenant-id>
managementURI=https://management.core.windows.net/
baseURL=https://management.azure.com/
authURL=https://login.windows.net/
graphURL=https://graph.windows.net/

앞서 조사한 내용을 채워넣는다. KEY 부분이 앞서 행한 VALUE 값이다.

subscription=2ca3303c-3b27-4fd9-b768-6b77718f8929
client=5ecbdc05-ed47-48a6-98f8-ea1a7ac1daa8
key=TtTa}.n53qYa9w>5OZ{=VT[=dTUv#dR-
tenant=a3ba6a60-2561-4d3b-9bd0-84f25acd256a
managementURI=https://management.core.windows.net/
baseURL=https://management.azure.com/
authURL=https://login.windows.net/
graphURL=https://graph.windows.net/

 

* 아래 명령어로 권한을 부여한다.

New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName [ApplicationID]

New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName 5ecbdc05-ed47-48a6-98
f8-ea1a7ac1daa8

RoleAssignmentId   : /subscriptions/2ca3303c-3b27-4fd9-b768-6b77718f8929/providers/Microsoft.Authorization/roleAssignme
                     nts/508fc21c-d608-4f2a-87d4-bd8104c199fa
Scope              : /subscriptions/2ca3303c-3b27-4fd9-b768-6b77718f8929
DisplayName        : exampleapp2
SignInName         :
RoleDefinitionName : Contributor
RoleDefinitionId   : b24988ac-6180-42a0-ab88-20f7382dd24c
ObjectId           : b48fac0e-641a-4b55-82e3-80e85ebc0829
ObjectType         : ServicePrincipal
CanDelegate        : False

 

* 프로젝트에 아래처럼 코딩한다.

 var credentials = SdkContext.AzureCredentialsFactory
    .FromFile("azureauth.properties");

            var azure = Azure
                .Configure()
                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                .Authenticate(credentials)
                .WithDefaultSubscription();

            var groupName = "myResourceGroup";
            var vmName = "myVM";
            var location = Region.USWest;

            Console.WriteLine("Creating resource group...");
            var resourceGroup = azure.ResourceGroups.Define(groupName)
                .WithRegion(location)
                .Create();

            Console.WriteLine("Creating availability set...");
            var availabilitySet = azure.AvailabilitySets.Define("myAVSet")
                .WithRegion(location)
                .WithExistingResourceGroup(groupName)
                .WithSku(AvailabilitySetSkuTypes.Managed)
                .Create();

            Console.WriteLine("Creating public IP address...");
            var publicIPAddress = azure.PublicIPAddresses.Define("myPublicIP")
                .WithRegion(location)
                .WithExistingResourceGroup(groupName)
                .WithDynamicIP()
                .Create();

            Console.WriteLine("Creating virtual network...");
            var network = azure.Networks.Define("myVNet")
                .WithRegion(location)
                .WithExistingResourceGroup(groupName)
                .WithAddressSpace("10.0.0.0/16")
                .WithSubnet("mySubnet", "10.0.0.0/24")
                .Create();

            Console.WriteLine("Creating network interface...");
            var networkInterface = azure.NetworkInterfaces.Define("myNIC")
                .WithRegion(location)
                .WithExistingResourceGroup(groupName)
                .WithExistingPrimaryNetwork(network)
                .WithSubnet("mySubnet")
                .WithPrimaryPrivateIPAddressDynamic()
                .WithExistingPrimaryPublicIPAddress(publicIPAddress)
                .Create();

            Console.WriteLine("Creating virtual machine...");
            azure.VirtualMachines.Define(vmName)
                .WithRegion(location)
                .WithExistingResourceGroup(groupName)
                .WithExistingPrimaryNetworkInterface(networkInterface)
                .WithLatestWindowsImage("MicrosoftWindowsServer", "WindowsServer", "2012-R2-Datacenter")
                .WithAdminUsername("azureuser")
                .WithAdminPassword("Azure12345678")
                .WithComputerName(vmName)
                .WithExistingAvailabilitySet(availabilitySet)
                .WithSize(VirtualMachineSizeTypes.StandardDS1)
                .Create();

* 최종 결과