Arm Templates for Beginners | Deployments - Arm Templates #2

Captions
I'm Dean Cefola and this is the Azure Academy. So today we're going to be continuing our series on automation, and what we're going to do today is we're gonna build a couple virtual machines, and we're gonna make them highly available with a load balancer, and we're going to make them into web servers. And then after that we're going to tear the whole thing down and redo it in automation.

So this is a general good principle to start off with: we want to start by building things in the portal, and then when we build them, that will then give us the information that we need in order to be able to create the automation. So whenever you start building a new item, something you haven't dealt with before, you want to start by doing it in the portal, because the portal is very easy to work with.

So we'll look, for example: we're gonna start off building a virtual network. Now, we've done these before, and we'll hit create, and I'll say that this is a web demo VNet, and we'll leave the rest of these as is. Oh, need a resource group, that'll help, 'cause every resource has to go in a resource group. OK, and that is deploying, and we could either click on it here to go watch the deployment, or in the deployment section of the resource group, and this will be done in a few seconds.

OK, so now we have our virtual network, and now we're going to need a few other items, beginning with a virtual machine. Then we're going to need an availability set for that, and then we're also going to need load balancers, and then we'll have to build a second virtual machine. So we're going to make this a Windows system, and we'll call this web VM zero and put it in our resource group, and I'll select yes, that I want to save some money with the Azure Hybrid Use Benefit. And this is where, if you have Windows licenses already, by checking this box you confirm that your current licenses cover the cost of the license of this virtual machine, so you don't have to pay for it. So you can save some money when you provision these resources in the cloud.

And I'm going to build this as an F2, because I like the performance of that, and we're going to create ourselves a new availability set, and the default values are fine for our fault and update domain there. We will be using managed disk, and we'll be doing it on our current existing subnet, but we are not going to provision a public IP address, because that will be assigned to our load balancer. But we will need to have HTTP and RDP allowed through our network security group. So we're gonna have each VM have one network card; that network card will have a network security group attached to it, and then we will be putting that behind a load balancer, so then the public IP address will be required on the load balancer. All right, and we'll leave the rest of these as is, and using our default storage account here for diagnostics.

All right, so we're gonna hit create, and our first VM is off and running. Now, one thing that I want you to take note of as we look at our deployments, and that's gone ahead and is building, is when we look at our template, what we're actually provisioning here is a virtual machine, availability set, network card and network security group. Now, as we look at this template, you see we have a parameters section, which has a lot of inputs, and we can see those inputs either over here on the input screen, or we could click on parameters here and that will show us the inputs. And these inputs, they're not exactly intuitive, they're not exactly easy to know what you should put in there if you've never done it before. For example, the biggest one being this diagnostic storage account resource ID: you would not be able to figure that out on your own.

So when we're writing our automation, what we want to do is make things as simple for the end user as possible, accounting for the scope of what it is we're actually automating, meaning: are we automating everything that's in this resource group, or just parts of it and counting on other parts to be present first? For example, it's very common to deploy a virtual network and have that in place with your routing rules and security groups and all of that, and then on top of that provision virtual machines, because you have a specific configuration for your virtual machine and that has to be done time after time after time, but you only had to build your virtual network once. So it's common to keep those kind of things separate. Also, if you have a separate security stack or central services that are provisioned, that's going to be different from deploying an app server. OK, so when you have that app server that you need to deploy, like in this case we're provisioning two web servers, and they could just as easily be app servers or database servers, then you want to make the inputs as simple for the user and as intuitive as possible, giving them as few chances to make mistakes, so that they provision things according to your standards.

OK, so we want to keep pushing this DevOps mindset of continuous integration, continuous improvement. We want to move fast, we want to be agile, but that also means we have to allow for the fact that we sometimes will fail fast. OK, and that's good if we learn from it and can move on and recover, and that's the point of DevOps.

So coming back to our template here, we can wait for this system to be done, which will probably be another minute or two, or we could go ahead and provision right now our second VM, and we're gonna do that. So you've already seen us deploy the VM through the portal, but now I'm gonna show you the first kind of portal automation. So, actually, let me go back to our overview here for a second. So see this redeploy button: when this build is complete, you can hit redeploy and it'll ask you the questions that you need to enter to deploy this thing all over again. Or we could not wait, click on our template here and hit deploy, and that's going to give us the same process. So you get a screen that looks like this, which we've done this before, and we select our resource group, and you see most of these things are already filled out for us, but they are filled out for the VM that we already built. So if we just do this again, we will still only have one VM, so we need to change some values here. So we'll change this to be VM one, and we'll leave it on the same virtual network, and we'll have to change the network interface name, so let's change this to web VM one - NIC. And leaving the same NSG for two VMs if they're in the same role is OK, so we can have more than one NIC attached to an NSG, and if they're in the same role for the same app they need the same rules, so why not just use the same one over and over. And then we'll put in our password, and we'll leave it in the same availability set, again because it's the same kind of system that's in the same tier and it's gonna need to be as highly available. And the availability set will mean that VM 0 will be put into one server rack, VM 1 will be put into a separate server rack, to make them highly available on the Azure side. And we're not going to change our values for our fault and update domain. We'll leave it in the same diagnostic storage account, and our ID, which was long and ugly for us to put in, is already present for us, so no extra work needed. And we're deploying it to the same subnet.

So there we go, we've done simple automation through the portal. All right, and you could just keep that process going over and over, and you see these resources finished straight away because they already existed. OK, and now we've built our network card, and we're gonna go on provisioning on VM 1 from there, and VM 0 has finished, so that's good. And we still have these long names for the disks, so I don't really like that; I prefer it conform to a proper naming standard that I have, so I'm gonna want to change that when I do the automation, as well as this original network card: I'm going to want it to conform to my naming standard like I have for my second NIC. The NSG name is OK, the VM names are OK, and of course I typed in the virtual network name, so I like that.

So we have to wait for that to finish, but in the meantime let's provision ourselves a load balancer. So in the marketplace we type load balancer and we create that. Now, there are a few different kinds of load balancers, so there is an internal load balancer and a public load balancer, the difference being public has a public front end or public IP address and the internal does not; it only has an IP address on your local virtual network subnet. And there are also two SKUs, and the SKU that we're going to use is Basic, because Basic supports public IPs. Standard today does not support public IPs, but Standard has another advantage of having highly available ports, or HA ports. The benefit of that is I don't have to know or call out every single port I need this load balancer to balance for me across multiple systems; I can just tell it HA ports and it will balance all traffic that comes in from the back-end systems automatically, which is very nice. I believe that the feature of Standard load balancers with public IP addresses would be coming in the future, but I don't know for sure, so keep your eyes open on Azure updates for that.

So let's give this guy a name, and it's our Academy, it's a web load balancer, and ILB is for load balancer, and then we're going to keep it as public and Basic. And so we'll create a public IP address, and that will also be in the Basic SKU, and this is important because when you have a Standard resource like a load balancer, then the SKU that the public IP address has must also be Standard. OK, so when you have Basic it has to be Basic; they have to match, because they're two different APIs' worth of technology, and so you've got to use the one that works with the other. And then we'll put it back in our web demo resource group, and the rest of this is fine.

Now, we're not done with creating this load balancer, because there are several components that it needs to have configured, and let's check in on our deployment. So the deployment of our second web server is still ongoing, and this brings us to another layer of automation that we can add to our VMs. So if we go to web VM0, we have this blade here for extensions. Now, extensions, if you remember from our fundamentals course, are bits of automation code that we can add on as services or as functions. So for example we have several different services here: we have our Network Watcher agent, Microsoft Antimalware protection, GPU drivers if you're using a VM that has NVIDIA GPUs, CloudLink, which is a disk encryption tool, we have Chef, we have Puppet, we have agents for monitoring, and we have PowerShell Desired State Configuration, which works like Puppet and Chef, and then we have Kaspersky, which is an antivirus software, and then we have a couple backup tools, and then we have this guy, the custom script extension.

So custom script extension will allow you to pass a PowerShell script to your system and then configure it, or make a change, install some software, or whatever it is that you'd like to do. So in order for this to work, we have to pass it a PowerShell file. So if we click on R and then we're going to select our AAA install IIS. So if we look at this, it's just the simple PowerShell command that is Install-WindowsFeature of a web server and include management tools, so not very complicated, and that does not need any additional arguments, but if you did, you could. So for example I could put the - install management tools here, but since I have it in the script I don't need to. And we'll hit OK for that, and that's going to go off and create.

And it looks like our other VM is done and our load balancer has been stood up, and here's the Azure load balancer. Now, there are, as I said, several other things in here that we have to configure. So here's our front-end IP, which is using our Azure public IP address. We have to create ourselves a back-end pool. Now, a pool is where the network cards from the VMs that we want in this pool are going to sit. So remember that a virtual network has network cards that live on subnets. The network card is not the virtual machine; the network card is attached to the virtual machine, and the network card is attached to the back-end pool of the load balancer. OK, so it's not the VM exactly, it's just attached to it. So we have to create a back-end pool, so we'll call this a a web back-end pool, and this will be for IP version 4, and we can associate this to a virtual machine scale set, which we haven't talked about yet, a single virtual machine, or to an availability set. In the Standard SKU this is slightly different, where you can attach VMs, multiple VMs, without an availability set, but in Basic it has to have an availability set. So then we will select our web availability set, and then we will plug in our virtual machines and which IP address or which network card on those virtual machines we want to add. All right, that looks good.

Now, we needed this back-end pool because ultimately we need some load balancing rules, but if we look at adding a load balancing rule, it says we need a back-end pool and we need a probe before we can have a load balancing rule. So once this finishes updating, we will create ourselves a probe. Now, a probe is something that looks at either HTTP or TCP, and it looks at a specific port, like port 80 for a web server, and it's going to analyze that port and see: is the system in the back-end pool alive on that port? If it is, the health check is good. If it is not, then there are a couple factors that it uses to judge what it should do. OK, so one of those factors is how many seconds is it between health checks, and how many times has this system failed the health check. OK, and we'll look at these. So when you have it, is the interval of five seconds by default and an unhealthy failure of two times, so there could be a maximum of ten seconds before you get failover. So if your system is hung, it's there but it's not really responding on that port, it could be up to ten seconds before it fails, but it will generally be much faster to respond, as you'll see in a minute. So we'll call this the web probe, and I believe it's done updating, so this should be OK.

That's another thing I should bring up: if another process is going, like creating the back-end pool or creating a probe in a load balancer, trying to update it with another feature, like adding a new probe or a load balancing rule or anything else, while it's already updating will fail. So it can only update one thing at a time in the load balancer, so you just have to be a little patient, which is another great reason to use automation, because when we do that we can do everything all at once.

OK, so our probe is done, and now we're gonna create our load balancing rule. So we'll call this web rule one, and it is IP version 4, and it's going to use our load balancer front end, which is a public IP address, and it's on port 80 on the front end and port 80 on the back end, and of course we could change these if we wanted to. And it's using our back-end pool that has two virtual machines, the health probe we just created, and then there are a few other items here, so we don't need this because we just have web servers, so we will hit OK.

And while that is finishing, we've got our web VM zero that has IIS installed, and it's got a public IP address right now because it is in our back-end pool, and the back-end pool is fronted by our front-end pool, that's where the public IP address lives. And so what should happen if we go to this web address or this IP address is we should get a response from our default web page, which we do. So we know that our web server on this box has been configured, that's great. Now, we've got our second box, and the second box did not have that extension, so there is no web server running on that box. So what we're gonna do here is we're gonna reboot VM zero, and we're just going to keep refreshing this page, and, oh, there it goes, server's down. So we don't have a web server set up on the second box, and our first box is now rebooted, so our website is unavailable. OK, so this is what you don't ever want to have happen. OK, so once we configure the second system properly, then we would see that the web server is good. OK, it looks like we should get a response in a second, and there we are. OK, so we see that the server went down, the server came back up, the second server did not have a web server built in, so we got no response, and that was our expected behavior.

So what we want to do now that we've built all of this is, we know it works. I mean, we could go ahead and install the extension on the second VM, but, you know, we know that that process works, so we're good to go. We know exactly what it is that we have built, and we know that basically this is a working setup. So now we want to automate it, and we don't just want to automate the VM like we did for creating VM one; we want to automate everything. OK, so how do we do that? I mean, that's a bunch of steps, and we'll talk about that in the next video.
Info
Channel: Azure Academy
Views: 4,062
Keywords: Arm Templates Tutorial Azure Resource Manager Deployments, Arm Templates Tutorial Azure Resource Manager Deployment, Azure Resource Manager Deployments, arm templates tutorial, azure resource manager, azure resource manager best practices, azure resource manager template deployment, azure resource manager template tutorial, azure resource manager templates, azure resource manager training, azure resource manager tutorial, Azure Academy, iac tutorial, The Azure Academy, yt:cc=on
Id: N7afB_h5VFw
Length: 21min 46sec (1306 seconds)
Published: Wed Sep 12 2018