Tuesday, March 26, 2013

Azure Powershell Setup and IaaS Mass Endpoint Creation

This is a two-purpose article, one general and one specific. Generally, we'll configure powershell to manage your Azure subscription, and then specifically how to configure many endpoints at once.  

When I was working on my article Experiment: Application Server on Windows Azure I noted one peculiar issue. Setting up Windows Azure Endpoints is easy to do one at a time, but doing en masse is seemingly complicated. Fortunately, there is a relatively easy workaround using powershell Azure management.

Setup Powershell to Manipulate Azure

 

Download Azure Powershell

 

You can get the Powershell management plugins from this link. The main link uses the Web Platform Installer and several non-critical items are marked as pre-requsites. If you use WPI it will download and install those as well. Note that despite this assertion, the only thing that is really needed for PowerShell is the stuff that is (by default on a 64 bit OS) installed to "C:\Program Files(x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\*.*" after installing using the WPI. For that reason, I actually put this folder in my Skydrive; the whole thing is only 8.55MB, and you can load it directly without "Installing"(see below).

Setup Powershell Management

  1. Start Powershell as administrator
  2. Ensure you have your execution policy set to RemoteSigned (or unrestricted) with the command "Set-ExecutionPolicy RemoteSigned"
  3. Import the module with the command "Import-Module {Path to Install}\Azure.psd1"
  4. Get your account settings by typing "Get-AzurePublishSettingsFile". This will open up a web browser and download your settings file. You may need to log-in. Note: Ensure you keep this file in a secure location or dispose of it after import.
  5. Import that file by executing "Import-AzurePublishSettingsFile {path to downloaded .publishsettings file}"
You should now be able to manipulate your VMs and other services using powershell. To test this, try something like "Get-AzureVM"

Note: If you have multiple subscriptions in one account you'll need to use the command "Select-AzureSubscription {Subscription Friendly Name}>"

Now you should be good to go. Now let's set up some endpoints!

Mass Endpoint Creation

 

Let's say you want to create TCP port openings from 27000 to 27080 on one or many VMs. (This script will work for both scenarios) Creating them by hand would take quite some time. To accomplish this quickly with powershell, do the following:

If you haven't already, perform steps 1 and 3 above.

Here's the script with line by line discussion below. Note that this could be conflated to fewer lines but I've broken it out to be easier to understand. 



$VMs=Get-AzureVM -ServiceName "VMName"
foreach ($VM in $VMs)
{
    $p=27000
    do
    {
        Get-AzureVM $VM.name|Add-AzureEndpoint -LocalPort $p -PublicPort $p -Name TCP$p -Protocol TCP | Update-AzureVM
        $p+=1
    }
    until ($p -gt 27080)
}

note: PleaseKING below has a great example of how to get this to execute faster by not committing on a per port basis; check it out! 

Discussion:
$VM=Get-AzureVM -ServiceName "VMName" : Get the VM objects. To return all VMs and apply endpoints to all your VMs, just omit the "-ServiceName "VMName" portion.

foreach ($VM in $VMs) : Let's process these ports for each VM. Works with just 1.

$p=27000 : Start port. Change this to the first port you want to forward in.

Get-AzureVM $VM.name|Add-AzureEndpoint -LocalPort $p -PublicPort $p -Name TCP_$p -Protocol TCP | Update-AzureVM : Feed in the VM object | Add endpoint where -localport $p is the port, -Name TCP_$p is the defined port name, feel free to change and -Protocol TCP for TCP. Change to UDP if necessary | Commit changes

$p+=1 : Increment port by 1. Feel free to change the increment if you need to open different port groups

until($p -gt 27080) : The last port in the range to create.

That should do it! Note these will take awhile to setup; the per port provisioning is kinda slow.

Now that you've forwarded the endpoints, you'll need to open the ports on the VM firewall as well. To do this quickly, see Hey Scripting Guy!



Reference time:
If you have any questions or comments please let me know!

2 comments:

PleaseKING said...

The following is probably 100 times faster as it does not do get/update upon creating every endpoint.

$VMs=Get-AzureVM -ServiceName "YOUR_NAME"
foreach ($VM in $VMs)
{
$vm = Get-AzureVM $VM.name
$p=10000
do
{
$vm|Add-AzureEndpoint -LocalPort $p -PublicPort $p -Name TCP$p -Protocol TCP
$p+=1
}
until ($p -gt 10070)

$vm | Update-AzureVM
}

Toby Meyer said...

Good point @PleaseKing! Article updated to reference your comment. Thanks!