Latest posts by Timothy Warner (see all)
- Specops Password Auditor - Detect weak password policies - Tue, Oct 31 2017
- Azure Backup – Easily back up Windows to the cloud - Thu, Oct 26 2017
- NAKIVO Backup & Replication v7.2 new features - Wed, Oct 25 2017
Understand the use case ^
Azure administrators have two programmatic interfaces into Azure Resource Manager (ARM):
In my experience as a cloud architect, most of my customers tend to rely on Azure CLI for "quick in, quick out" tasks like checking resource status, stopping virtual machines (VMs), and so forth, and on Azure PowerShell for deployments and scripting automation.
Another point in the Azure CLI's favor is that it is a Python application that runs on Windows, macOS, and Linux. To be sure, PowerShell is also technically cross-platform, but frankly I find the CLI much easier to use in non-Windows environments.
The Azure Cloud Shell renders the cross-platform grumbling moot because it runs directly in your web browser! Microsoft promises that Azure PowerShell will eventually make its way to the Azure Cloud Shell, but at the moment we have Azure CLI v2.0. Today's tutorial covers the Cloud Shell behavior; please check out my other 4sysops articles to get a head start on learning CLI syntax:
Start an Azure Cloud Shell instance by clicking the Cloud Shell button in Azure Portal's top navigation bar as shown in the next screenshot. At first launch, it'll prompt you to allow Azure to create a storage account and a file share to hold the underlying Docker container. (We'll cover what's going on under the hood in the next section of this post.)
The Azure Cloud Shell gives us two great conveniences. Number one, it automatically authenticates you to Azure in the CLI because the Portal already authenticated you to Azure. Number two, your session state and preferences will persist across sessions as long as you allow Azure to deploy the storage account.
Underlying architecture ^
Let's take a closer look at what happens when you start the Azure Cloud Shell for the first time. The next screenshot shows you the prompt to create a storage account:
I strongly suggest you allow Azure to store your Cloud Shell environment. It's true that you pay for storage costs as usual, but they are quite small because Azure creates a standard storage account with locally redundant storage (LRS) replication.
You heard that correctly—the Cloud Shell runs as an Ubuntu Linux Docker container. Take a look at the following Visio diagram I cooked up to show you exactly what Azure resources the Cloud Shell deploys to your target subscription.
That .img file is a 5-GB disk image that stores your $Home directory contents. Every time you start the Cloud Shell, Azure mounts the image in the following path in the container VM:
Managing the Cloud Console window ^
Let's take a closer look at the Cloud Console interface so we can make sure you're comfortable with how it works. Examine the following annotated screenshot, and then I'll explain each major part:
- A: Because this is an Ubuntu (Debian) Linux container, you have the bash shell by default. However, a cloud PowerShell console is currently in private preview.
- B: Restart the Cloud Shell. The default session timeout is 10 minutes.
- C: This links to an overview docs article.
- D: Submit feedback to the Microsoft feature team.
- E: This links to the Azure CLI v2.0 command reference.
- F: Drag and drop to resize the Cloud Shell window vertically.
- G: Maximize works as expected. Minimize makes the session disappear, but you can get it back by clicking the Cloud Shell button. Closing the window actually terminates the underlying container; click the Cloud Shell button to restart it.
Built-in tooling and file share access ^
We can confirm that, at least as of this writing, the Azure Cloud Shell runs an instance of bash from the Ubuntu 16.04.1 long-term support (LTS) "Xenial Xerus" release:
tim@Azure:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
According to Scott Hanselman, the Cloud Shell is indeed a container that Azure Container Services manages under the hood. Not only do we have access to native bash commands and the Azure CLI itself, but Microsoft also gives us plenty of other tools to work with inside the container. Some but not all of these tools include:
- Git (source code control)
- Vim, nano (text editors)
- Docker CLI/Docker Machine
- MySQL, PostgreSQL clients
- iPython client
The programming/scripting language support inside the Cloud Shell is impressive as well:
- .NET Core 1.01
- Go 1.7
- Java 1.8
- js 6.9.4
- Python 2.7 and 3.5
Now, about the clouddrive directory. As I mentioned earlier, the .img file in your Cloud Shell storage account stores any user data. You can interact with the mount as usual, for example:
tim@Azure:~$ cd clouddrive
tim@Azure:~/clouddrive$ touch file1.txt
Azure automatically updates the stored disk images as you make changes to your environment. You can upload to and download from your Cloud Shell from the Azure Portal itself, as shown next:
Download and upload by combining the Portal with Cloud Shell
This ability to upload files to your Cloud Shell is awesome for, say, running scripts and deploying ARM templates.
If for whatever reason something goes wrong with your Cloud Shell (for instance, you delete the underlying storage account), you can force Azure to recreate a fresh, default environment by running:
The presence of Azure Cloud Shell serves as yet another reminder that we Windows systems administrators need to get on board with administrative scripting or perish in the IT industry. In my view, anybody who works with Azure needs to get up to speed with the following languages:
- Azure CLI
We're moving at the speed of cloud! I hope you're enjoying the ride as much as I am.