During last //Build event, Microsoft announced “Azure Cloud Shell”, a new command line interface available directly in the Azure Portal. This Shell can be used with Bash and Powershell, in this article we will discover the engine of this cloud shell focusing on PowerShell features.

 

Existing Tools

Actually several tools are available to manage Azure services. We can consider two types of tools:

Web applications:

The first two links propose user interfaces to hide API calls to Azure Management APIs. At the contrary the last one is a technical portal which exposes the json definition of each Azure Resources.

 

Command line tools:

  • Azure PowerShell
  • Azure Cli (Node Js)

Command line tools must be installed in the development machine and must be updated manually. They are wrapper on top of Azure Management APIs, they are useful for complex and repetitive management tasks.

 

Azure Cloud shell, a new management tool

This new Cloud Shell is not only a new Azure Management tool, it exposes some nice features. It can be used directly from the Azure Portal :

 

How does it work?

The shell is using internally Azure Container Service: it gets connected to a virtual machine which will create a container. The Bash mode will create a Linux container whereas the PowerShell mode will create a Windows container (Windows Server 2016).

Using the cloud shell, the Azure user is connected to a remote container on which a lot of tools are already installed and ready to be used:

 

Linux container :

  • Azure tool : Azure CLI 1.0 et 2.0 / AzCopy / Service Fabric command line interface
  • Linux tools : bash / sh / tmux / dig
  • Code editor : Vim / Nano / Emacs
  • Databases : MySql and PostgreSql clients / sqlcmd / mssql-scripter
  • Containers : Docker / Helm / Kubectl
  • Languages and Framework : .net (2.0) / Go (1.7) / Java (1.8) / NodeJS (6.9.4) / PowerShell (6.0) / Python (2.7 et 3.5)
  • Other : Terraform / Git / Npm

 

Windows container :

  • Azure tools : Azure PowerShell (version 4.4.1) et Azure CLI (2.0.20)
  • Code editor : Vim / Nano
  • Databases : sqlcmd
  • Languages and Framework : .net (4.6) / NodeJs (6.10) / PowerShell (5.1) / Python (2.7)
  • Other : Git / Npm

 

Are data available across Shell sessions ?

Yes! The first time the azure cloud shell is opened, Azure asks the permission to create a storage account*. In this storage account a file shared is created : it contains a blob which will be used as drive to store data. This drive is mounted by each containers, that’s why it is available from each Shell type (PowerShell and Bash) and across each sessions: this drive is currently called “Cloud Drive”.

In Linux containers, the cloud drive is mounted in a “home” directory, whereas in Windows it is mounted in the following directory: C:\Users\ContainerAdministrator\CloudDrive.

 

PowerShell:

cd $home\clouddrive

 

Bash:

cd home

 

* The storage account is created with a name generated by Azure, it’s created in a resource group named depending of the Azure Region used : « cloud-shell-{azureRegion} ». The Azure region is automatically provided and the virtual machine which will create and host containers will be hosted in the same Azure Region (that’s better for performances).

In the storage account, one file share is created for each subscription user, it’s named using the user name : cs-{user}-{domain}-com-{id}.

Here is a screenshot of the resource group created when i opened the azure cloud the first time:

 

 

 

 

 

 

 

 

 

 

How much does it cost ?

Only the storage account price! Virtual machines and containers are provided by Azure and are free for the Azure user.

 

Azure Cloud Powershell features

 

Azure resources management (file system view and “resource scoping”)

Once connected to the remote container, the cloud shell allowed us to us an “Azure Drive” by default (Azure : ). This Azure drive permits to navigate in the subscription Azure resources like a file system (this fluent navigation is already usable in a graphic way in https://resources.azure.com !). Azure PowerShell cmdlets are available in the Shell too, that’s why resources management is quite easy!

In the following screenshot, I list all Azure subscriptions available to me : I use the dir command before to navigate in the subscription chosen with the cd command :


Once the subscription selected, we can navigate in azure resources filtering by resource group or resource providers.

In the following example, I list all resource group of the subscription and I select “blog-rg”. In the resource group the dir command does not list all resources present in the resource group but all resource providers used :

 

 

 

 

 

In this example we use the Get-AzureRmWebApp command to list all web applications placed in the resource group. Here is the command syntax :


Get-AzureRmWebApp [[-ResourceGroupName] <String>] [[-Name] <String>] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]

 

The command needs a –ResourceGroupName parameter, but in the example none parameter is used, it’s because the parameter in automatically filled by the shell, this feature is called “Resource Group Scoping”.

The Shell is smart, it uses its current context (Resource Group or Resource Provider). For example, when we use a resource provider to discover azure resources the Get-AzureRmCommand command will return only commands usable for the current resource provider :

 

 

 

 

 

 

 

In this example, I navigate in my subscription using the “WebApps” resource provider. The Get-AzureRmCommand command returns only Azure PowerShell cmdlets usable to manage App Services.

 

PowerShell modules

Powershell modules from the powershell gallery can be installed in the azure cloud shell ! They will be available across sessions because they are stored in the cloud drive.

 

Azure Virtual machine management

It’s actually possible to get connected to an Azure Virtual Machine from the azure cloud shell. First we need to find the target virtual machine navigating in the shell, then we have to use the Enter-AzureRmVm command. This command must be used with another command “Get-Item” like in the following example :

 Get-Item | EnterAzureRmVm 

Once theses commands executed, the username and a password will be prompted (we need to prefix the username with a \ to make it work, for example (\tranise) :

 

 

 

The remote connection will only work if PowerShell Remoting (WinRM) is activated on the target virtual machine. To activate it, two steps are necessary :

  1. Allow WinRM in the input traffic of the virtual machine : port 5985 (http) or 5986 (Https). This can be done directly on the Azure Portal by adding a rule in the virtual machine NSG (network security group)
  2. Configure a firewall rule in the virtual machine OS. This can be done within the cloud shell or by getting connected to the virtual machine (using RDP protocol for example !) .

 

In the same way, the Inwoke-AzureRmVmCommand command permits to execute commands on the remote virtual machine.

 

Happy coding 🙂


Clean empty Azure Resource Groups using Azure Cloud Shell Using conditions in ARM templates

Leave a Reply

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *