I have created my infrastructure through Terraform. The relevant (Azure) resources are:
- Application Gateway
- VMSS (Virtual Machine Scale Set)
- Windows VMs => Created/Destroyed by VMSS (Windows VMs are in a private subnet, and HTTPS access is through Application Gateway)
- Ubuntu based Bastion Host (for RDP and Ansible configuration)
So far I am able to configure one of my Windows VMs through Ansible using the psrp protocol, but that was only possible because I knew the private IPv4 address of my VM (I added the private IP to the hosts file of the bastion VM). How can I do it without knowing the IP address(es)?
My other question is: how will Ansible know that a new VM has been created and needs to be configured?
Edit
If you think this is not the best approach, please guide me on how to do it properly. Should I use Packer with a custom image? Or is there any other option? The main configuration I want to do is enable IIS and install a few programs like Git.
Thank you.
The best way IMO is to use a dynamic inventory. Although the doc examples are detailed for Cobbler and EC2, you will find more info on the included scripts with examples for Azure.
Once you have your dynamic inventory in place, you can refresh it with meta: refresh_inventory whenever you need to.
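The dynamic-inventory approach from the answer above, as an added example (not the answerer's code and not Ansible's bundled Azure script): a Python inventory script that turns a scale-set NIC listing into hosts addressed by private IP, with PSRP connection variables. The NIC JSON shape, the `vmss_windows` group and the `vmss-<id>` host names are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Ansible inventory script: Windows scale-set instances by private IP."""
import ipaddress
import json
import sys

# Constructed sample of a scale-set NIC listing. The field names are an
# assumed shape for illustration; real data would be fetched at run time.
SAMPLE_NICS = json.dumps([
    {"instanceId": "0", "ipConfigurations": [
        {"primary": True, "privateIPAddress": "10.0.2.4"}]},
    {"instanceId": "1", "ipConfigurations": [
        {"primary": True, "privateIPAddress": None}]},  # still provisioning
    {"instanceId": "2", "ipConfigurations": [
        {"primary": False, "privateIPAddress": "10.0.2.9"},
        {"primary": True, "privateIPAddress": "10.0.2.6"}]},
])


def primary_private_ip(nic):
    """Return the primary private address of a NIC, or None if unusable."""
    for cfg in nic.get("ipConfigurations", []):
        ip = cfg.get("privateIPAddress")
        if cfg.get("primary") and ip and ipaddress.ip_address(ip).is_private:
            return ip
    return None


def build_inventory(nics_json, group="vmss_windows"):
    """Build the JSON structure Ansible expects from `--list`."""
    hostvars = {}
    for nic in json.loads(nics_json):
        ip = primary_private_ip(nic)
        if ip:  # skip instances that have no address yet
            hostvars[f"vmss-{nic['instanceId']}"] = {"ansible_host": ip}
    group_vars = {  # PSRP over HTTPS; certificate validation stays on
        "ansible_connection": "psrp",
        "ansible_psrp_protocol": "https",
        "ansible_port": 5986,
    }
    return {group: {"hosts": sorted(hostvars), "vars": group_vars},
            "_meta": {"hostvars": hostvars}}


if __name__ == "__main__":
    # Ansible calls the script with --list; --host is answered by _meta.
    wants_host = "--host" in sys.argv[1:]
    print(json.dumps({} if wants_host else build_inventory(SAMPLE_NICS), indent=2))
```

Because the host list is rebuilt on every run, instances added or removed by the scale set appear or disappear without editing the bastion's hosts file.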
Related
I need to understand whether it is possible to add an AWS virtual machine to a custom domain controller on Azure.
I have created an Active Directory Domain Controller in one of the virtual machines on Azure. Now I have created a few virtual machines on AWS (Amazon Web Services). I want to add these machines to the Azure custom Domain Controller.
Is it possible and if yes, then can someone please guide me on how to do that?
I don't think it is possible with AWS now, but you could try creating a Site-to-Site VPN and test. Most likely it will not work, but who knows; you might try to replicate your Azure VM DNS network configuration on your AWS VM and see if it helps.
Here's the networking guide for Azure AD Services.
I have tested joining Linux VMs across a Site to Site VPN and they work OK (it was to Azure Active Directory Domain Services, machines could join and users log on).
As the above answer notes, however, DNS is the killer here. With the Linux boxes I was able to use local config files to save needing to replicate the DNS zone; for Windows boxes you could try hacking the hosts file with some #pre #dom entries, but in reality I think you would need a zone replica in your AWS DNS servers for it to work reliably.
I have a simple problem: I provisioned an Ubuntu 16.04 LTS VM with all of its default components. I SSHed into the machine, installed Docker and exposed a web app container on port 80, where a simple static web app is running. But the problem is that I can't access the application in the browser from the public IP address, which has been created as a separate resource with the ARM model. I also assigned a named DNS but it did not work :(. I have a standalone VM.
I previously tried the Docker on Ubuntu Server Azure service, where I needed to configure the VM's endpoints in the classical way, and the same application was up and running. But how do I do that in a standalone Ubuntu VM using ARM?
For ARM you need to configure Network Security Groups, instead of Endpoints.
You would want to allow traffic on port 80 to the VM. Here's the link to the documentation. And link to a guide on how to do that with Portal.
I followed this tutorial (Elasticsearch 2.X on Microsoft Azure) and now I have the following question: How do I access Elasticsearch 2.3.4 running on the VM from my ASP.NET MVC 5 website?
The VM is not reachable from the internet. So the only solution would be to access the Virtual Network from the WebApp?! But I don't know how to configure the Ubuntu VM to allow access to elasticsearch (I used iptables to allow port 9200 and in the elasticsearch.yml I added network.host: 0.0.0.0) and how to access the Virtual Network from my WebApp.
The guideline (the link above) stated that the WebApp and the VM have to be in the same Virtual Network, but I can't add my WebApp to the Virtual Network...
Thanks for any help or ideas! Azure is driving me crazy :|
EDIT: Okay, I found another tutorial (secure communications between azure web-apps and virtual machines), but that did not work either. Right now I can access the Elasticsearch VM via a URL from anywhere on the internet. When I try to access the VM from the Web-App via the private IP of the VM, it does not work :( Maybe because the Azure team changed something? Some screenshots look different from mine.
I signed up for Azure, created my VMs for a farm and went about it as I normally would. At the point of farm configuration where I set IP addresses, I didn't realize that Azure does not accept IPs unless they are Dynamic IP.
Now I know.
My question is, since I now cannot log in to the VM, is there a way to rescue it?
1. Shut down the VM from the web console.
2. Delete the VM, but keep the associated disk.
3. Create a new VM, and use the previously associated disk.
During the build process, the networking stack should get reconfigured, and you should be able to access the VM again.
-john
If you set up virtual networking, Azure will allow you to specify static internal IPs. That way you will always be able to at least VPN in to your virtual network and connect to your VMs from there.
As for "rescuing", you could download the VHD files for your VMs.
I just installed OpenStack on a Windows Azure virtual machine.
But basically OpenStack needs a fixed IP (the IP address used to communicate between the VM and OpenStack) and a float IP (used to communicate between the VM and the outside network or internet).
But on Windows Azure, I was given just one private IP and one public IP for the Azure virtual machine on which I've installed OpenStack.
So a VM which I create using OpenStack can't get both a fixed IP and a float IP.
How can I configure this on the Windows Azure VM so that a VM which I create using OpenStack can get a fixed and a float IP?
Thanks
I believe you cannot get around the IP limitations that your VM gets from Azure. That being said, depending on what O/S you run, you always have options to introduce more IP addresses at the O/S level.
Now, depending on the O/S, you can bridge/tunnel those IP addresses to access that VM in such a manner that those IPs are exposed to clients. VPN is one good example of such functionality, for which you may use different tools (again, specific details depend on the O/S).
This is the only solution that comes to my mind; I've faced (and dealt with) the Azure only-one-IP limitation on other scenarios...