Linux login using Azure Active Directory credentials

In the dim and distant past (2 years ago) - I wrote up a post here talking about how you could authenticate users in Linux against AAD for a nicer user management experience - this worked pretty well but wasn't perfect.

It now seems that Microsoft have done this themselves and made the whole thing a lot slicker.

The benefits of the new method are:

Access (including admin access) can be (more...)

linux and trusted certificates

Slightly unusual post for me - it's not really Azure related (or indeed Oracle related from my past life) - this is just talking about SSL certificates in general on Linux machines - this particular example is for RHEL on Azure but actually that's largely irrelevant - the process would be pretty much the same on any platform in any hosting zone.

So in my example we had an intranet application hosted at (more...)

Four reasons to love cloud shell

Cloud shell is one of the nicest more recent additions to the Azure 'family' (if I can call it that). I'm using it more and more and thought I would share a few things I discovered recently that enhance working with it. It's now surprising what you can actually do with it.

The Azure portal is now getting closer and closer to allowing you to do almost everything from a browser.

So first up

1) You (more...)

vscode and azcli

I've been using vscode more and more - personally I think it's great.

As an example of why I like it so much here is a quick walkthrough of some stuff with the extension that lets you work with the az command line tool.

First up you have to get the extension installed via the normal route - a description of the extension itself is shown in the screen grab below

As an example let's (more...)

Protecting an nginx ingress into kubernetes with a ‘real’ certificate

Following on from my last post where I use self-signed certificates, this post discusses how to use a 'proper' cert to do this properly and get rid of all the warnings. I did all of this in an AKS environment in Azure but the steps would be exactly the same for self-hosted Kubernetes or any other platform like EKS.

The first step to doing this is to get a proper private key, generate (more...)

Converting a simple http container to one protected by https and Azure AD

So that title's a bit of a mouthful - what am I actually going to talk about here? We are currently looking at containerizing a number of our applications, as we have heavily invested into Azure our deployment 'pattern' of choice is using Azure Kubernetes Services (AKS) - there are other ways to host containers in Azure but I'm ignoring those - this seems to be the strategic direction Microsoft are going in and is (more...)

Modern apache authentication with Azure AD

One of the key topic areas for us at the moment is modernizing our applications - in most cases this is trying to move to more cloud native architectures like PaaS. However another aspect of this is dealing with the authentication process for applications - over time we (as most other companies will have) have built up a huge array of different authentication mechanisms (and authorization - but I'll ignore that for now). Users have (more...)

Some MySql/zabbix findings

This past week I've been looking into creating some reports out of our zabbix database that we host in an Azure MySQL PaaS service (i.e. a proper PaaS where everything is managed via a web GUI/API calls - there is no 'server' that can be logged in to - at least not by end PaaS consumers).

Now my MySQL experience is pretty limited - I've installed it in the past and run some (more...)

Monitoring java app servers (Tomcat) with Zabbix

This past week we've been trying to enhance our monitoring of java application servers (in our case Tomcat) using zabbix. This actually proved to be a lot more fiddly than we had hoped - and actually this is largely due to two reasons:

1) The documentation is not clear on the architecture
2) The error messages are somewhat misleading

Let me start off by talking about the first point - from the docs I have (more...)

Azure metadata service

I discovered this purely by chance this week and thought it would be useful to share.

Seems there is some functionality in Azure that lets you extract some information about the VM (that is not directly available on the VM itself) from the Azure platform itself - it's easier to explain what I mean by a simple example

If I'm logged in to a VM I have no way of knowing what type/size of VM (more...)

Azure AKS and the quest for a PaaS ftp server

Bit of a longer post this one as this took me ages to get working and involved me having to try to learn lots of new stuff to the level where I could make it work... (without really truly understanding a lot of it - so if there are mistakes don't be surprised)

So what was I trying to do? - well we still receive some files from external 3rd parties via ftp, these should (more...)

Azure storage – Schrödinger’s cat

Anyone remember Schrödinger's cat - the 'thought' experiment from the 1930s that pondered if the cat was alive or dead - well I'm not going to go into that but just use it as a pointless premise to have a picture of a cat. If the picture shows, then the cat is alive, if it doesn't then the cat is dead.

Now that's set a little backstory on to the technical point I want to (more...)

logic apps inserting to an ‘on premises’ database

Logic apps are one of the nicest features I've discovered so far in Azure - they allow application logic to be built very simply without really having to do 'proper coding'. The one downside is that these are only available as public endpoints (which is great for many use cases) but in my example case I wanted to run a logic app that could put some data back into an on premises database - by (more...)

Azure VM extensions

VM extensions allow you to install additional software/features into your VM without having to actually log on to the VM to do that. Whilst looking into it this past week I realised there are a lot more available than I had realised.

If you go to the extensions blade in the portal you see a few listed (see screenshot below) and I had kind of thought that this was it.

These seem to be more (more...)

Cross workspace reporting in log analytics

We had some consultants in last week talking about many different Azure topics - one of the things I mentioned was that it was really annoying that there seemed to be no way to report across multiple log analytics workspaces from a single point - take the example that I have some data in one workspace that also has some related data in a dashboard I want to build in a completely different workspace - (more...)

Using powershell in cloud shell to show windows licences

Now I'm no powershell expert, I would describe myself as a beginner but I'm able to re-use concepts from other scripting tools/languages to build what I want to do (I'm still not sure if powershell is a scripting or programming language sometimes - it seems a bit of a mash up of lots of things). Anyway one of the things I do find frustrating when building things is that it often needs extra modules, (more...)

Azure AD Domain Services (AADDS) – some thoughts

I thought I'd share some thoughts on 'domain services' inside Azure - some good things and some bad following on from our implementation and now we have got to know some of its benefits and limitations.

For those of you from a non AD background (which was me until very recently) you are probably only aware of the domain as something you log in to with your corporate username/password - you know machines are 'joined' (more...)

Azure billing data in OMS – who needs 3rd party tools…….

We've been looking into getting better control over our spending in Azure - as many of you may have found it's very easy to start spending a lot more than you intended - and this is true of all cloud providers - resources are so easy to add they get forgotten about or oversized or aren't shut down when not in use and the costs can really rack up.

Microsoft do offer some ways to (more...)

Writing your own custom log messages to OMS

I'm still trying to get my head round the whole OMS topic and how it really fits into our Azure management/monitoring framework. As part of working that out I've today been working out how to add my own custom logs which I could then make use of to do nice graphs and possibly build alerts off.

Largely what i did was based off this example from Stefan

I had trouble though (more...)

Auditing Azure operations

It was highlighted this week the importance of knowing who does what through the Azure framework - an item (a storage account) had been removed and we needed to know who had done that and when.

Helpfully this is provided out of the box and all operations are automatically logged (whether they come from the portal, powershell, REST APIs or any form of interaction with Azure). To access this information we just need to navigate (more...)