Azure Basics Lab

In this blog:

• Configure Azure Virtual Network (VNET).

• Network security groups (NSG).

• Azure Virtual Machines.

• Assign managed identities in Azure.

• Access storage account blobs from a virtual machine.

• Connect to VM via SSH.

• Build automated pipelines using serverless functions.

➡️ Click here to see my blog on the AZ-500 certification.

➡️ Click here to see how I passed the AZ-500 certification.

➡️ Click here to see my blog on Azure Virtual Machine labs.

Configure Azure Virtual Network (VNET)

Sign into the lab using the given credentials:

We are going to create a virtual network and manage subnets:

Search for virtual networks in the Azure Portal.

Click create once you get to the VNET resource. Fill in the fields like so. I am using fields given to me in the lab by Immersive Labs. --- Skip past the security section.

Create a new subnet called apptesting, with a subnet range of 10.1.1.0/26.

Review and create ➡️

Network Security Groups (NSG)

Now we are going to create a new NSG (Network Security Group) called SSH.

Search in the global search bar, for NSG. Then click create, Review and create. 

Inside the NSG, we are going to add inbound security rules.

Go to Inbound security rules on the left and click Add.

Fill in the information like shown ➡️

Next, we need to associate our new NSG with our apptesting subnet. To do this, go back to the Metrolio-testing VNET and into the apptesting subnet, and set NSG to SSH.

Azure Virtual Machines

Our next job is to create a virtual machine called metrolio-app-dev with the following properties, leaving everything else as default:

• Availability options: No infrastructure redundancy required.

• Image: metrolio-ubuntu2204-token-downloader - This is a private image, shared with your subscription. You can find it in Shared images.

• Size: B1ls (Standard_B1ls this is a B-Series image).

• Administrator account username: metrolio.

• Administrator account authentication type: SSH Public Key. You'll need to select the SSH public key source as Generate new key pair, using a key name of your choice.

• [On the Disks tab] OS disk type: Standard SSD (locally-redundant storage)

• [On the Networking tab] Virtual network: metrolio-network

• Subnet: app-public

• Public IP: metrolio

Note: if you make a mistake and need to delete and recreate the VM, you'll first need to dissociate the metrolio public IP address to make it available again. You can do this in the Public IP addresses service, by clicking on the metrolio address and Dissociate in the command bar. Do not try to delete the public IP address with the VM.

So, let’s do it ➡️

Search virtual machines in the search bar, and click Create.

The availability options can be set to No infrastructure redundancy required.

The image is privately shared with you, so click see all images, and click shared images on the left pane. Double click the metrolio-ubuntu2204-token-downloader image.

The Size is B1ls, which is a B-series image, and can be found by clicking see all images and clicking on the B-series images on the left pane.

Next, move onto the Disks tab and change OS disk type to Standard SSD (locally-redundant storage).

Next, in the Networking tab, make sure the virtual network is set to metrolio network, subnet is set to app-public, and public IP is set to metrolio.

Everything else can remain at default. Click review and create.

You will be asked to download your private SSH keys. Just click download.

Assign Managed Identities in Azure

Next, we need to grant an identity for a virtual machine. Create a system-assigned managed identity for your VM. Take note of the identity’s object ID, as you will need it for a later task.

Go to the VM resource that we just created and go to Security then Identity.

Turn the status on.

Access storage account blobs from a VM

Next, we need to create storage accounts and resources. Search storage accounts and click create. Deploy it in UK South and use Locally redundant storage (LRS).

Leave everything else as default and review and create.

Next, go into the storage account that we just made, and go to storage browser on the left. Then click Blob containers.

Create a new container by clicking Add container, name it images, and keep it private.

For the next task, we need a store data in an Azure Storage account.

Click upload and go to the Metrolio logo image In your lab desktop.

Now we need to grant permissions to our VM to access storage data.

Go to the storage account we made and go to access control (IAM) and then Grant access to this resource.

Go to Add Roles and search for Storage Blob Data Reader.

Find our VM under the managed identity, then review and assign.

Connect to VM via SSH

Now we need to connect into the VM using SSH and integrate with Azure Storage.

Go into the virtual machine, then go to Connect and then pick your method of connecting via SSH. Click Bastion and connect.

Use the username given in the lab, and pick out the SSH private key that you downloaded earlier.

Nano into the blob-downloader.py directory. Change the account URL to the metrolioassetsfd9c storage account.

Use python3 to find the value of the blob downloader file.

Build automated pipelines using serverless functions

Now we need to create a function app to host serverless functions.

Search for resource groups, and create a new group called metrolio-function-app. Inside this, create a consumption plan function app called metrolio-automation-7278. Review and create this with no further configurations.

Next, search for function apps.

Use the Python 3.11 version runtime and create. In Networking, make the storage account - metrolioautomation7278

Next, create a serverless function triggered by web requests.

Inside the function app, create a function, to be developed in the portal, called HTTPtoQueue. Use the v2 programming model, the HTTP trigger template, and Anonymous authorisation level.

Note: The Job type should say Create new app.

We now need to edit the function code to bind the function to Azure storage.

import azure.functions as func
import logging

app = func.FunctionApp(http_auth_level=func.AuthLevel.ANONYMOUS)

@app.route(route="HTTPtoQueue")
@app.queue_output(arg_name="metrolioQueueItem",
                  queue_name="metrolio",
                  connection="AzureWebJobsStorage")
def HTTPtoQueue(req: func.HttpRequest, metrolioQueueItem: func.Out[str]) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')

    name = req.params.get('name')
    if not name:
        try:
            req_body = req.get_json()
        except ValueError:
            pass
        else:
            name = req_body.get('name')

    if name:
        logging.info(f"The provided name is {name}")
        metrolioQueueItem.set(f"New registration! Their name is: {name}")
        return func.HttpResponse(f"Hello, {name}. This HTTP triggered function executed successfully.")
    else:
        return func.HttpResponse(
             "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response.",
             status_code=200
        )

Copy this into the function code, save and refresh.

Save your changes and then refresh both the page and the code editor blade. When editing in the portal, it can, unfortunately, take some time for Azure to properly update the code and bindings internally; these refreshes seem to prompt it to speed up the update process. This is a real-life limitation when developing Azure functions in the portal.

This will add an Azure Queue Storage type output binding to your function. That means when your function is invoked, it'll create a storage queue message containing the value of any name parameter passed in HTTP requests. 

We will now manually invoke the serverless function.

Visit the function URL to invoke it, passing in 057dd5 as the name parameter. You can do this by appending ‘?name=057dd5’ to the URL. You should see a simple HTTP response indicating success.

Thanks for reading!