Cloud computing

Cloud computing is the on-demand delivery of IT resources over a network. In traditional data centers, compute and storage resources used to be allocated manually by a dedicated IT team. In the cloud, this process is fully automated, leading to increased agility and significant cost savings.

Types of clouds

Cloud types vary depending on who owns or operates them. It is also possible to use more than one cloud at a time in a hybrid or multi-cloud architecture.

Public cloud

Public clouds are owned and managed by a cloud service provider. All resources are shared between multiple tenants. Even though the public cloud market is dominated by three major players, hundreds of smaller public cloud providers exist all over the world and run their public cloud infrastructure on Ubuntu.


Private cloud

A private cloud is owned by an organization or an individual. All resources are exclusively dedicated to a single entity or a service. It runs on the organization’s premises or in an external data center. It is managed by the organization’s operations team or a managed service provider.


Managed cloud

Managed clouds are private clouds that are fully managed by a third-party organisation (aka managed service provider). The customer provides the hardware, but cloud operations and maintenance tasks are outsourced. The cloud can either run on the organisation’s premises or in the managed service provider’s data centre.


Micro cloud

Micro clouds are a new class of infrastructure for on-demand computing at the edge. They differ from the internet-of-things (IoT), which uses thousands of single machines or sensors to gather data, yet they perform computing tasks. Micro clouds reuse proven cloud primitives but with the unattended, autonomous and clustering features that resolve typical edge computing challenges.


Hybrid cloud

Hybrid cloud is a cloud computing architecture that consists of at least one public cloud, at least one private cloud and a hybrid cloud manager (HCM). It is one of the most popular trends in the IT industry, adopted by 82% of IT leaders, according to the Cisco 2022 Global Hybrid Cloud Trends Report.


Multi-cloud

Multi-cloud (also referred to as multi cloud or multicloud) is a concept that refers to using multiple clouds from more than one cloud service provider at the same time. The term is also used to refer to the simultaneous running of bare metal, virtualised and containerised workloads.


Cloud computing models

Cloud computing services are usually available to end users in the form of three primary models. Those include infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS). Some more specific use cases exist too, such as container-as-a-service (CaaS). However, in essence, they are a subset of the main three.

IaaS

In the IaaS model, you provision resources. Those include the number of virtual CPUs (vCPUs), the amount of RAM, storage, etc. They come in the form of VMs or containers with a pre-installed operating system (OS). You manage everything up from there. IaaS is the most common cloud computing model as it allows for more freedom.

PaaS

In the PaaS model, you provision workloads. While you are still responsible for delivering application code and data management, the PaaS platform takes care of scheduling resources (usually containers) and manages them, including the OS, middleware and runtime. The PaaS model has never been widely adopted due to its overall complexity.

SaaS

In the SaaS model, you provision applications. They are deployed from pre-defined templates and can be configured according to your needs. Everything is managed by the cloud provider. Interest in the SaaS model is constantly increasing as it allows for full automation from the ground up.

Layer           Legacy data centre  IaaS            PaaS            SaaS
Applications    You manage          You manage      You manage      Cloud provider
Data            You manage          You manage      You manage      Cloud provider
Runtime         You manage          You manage      Cloud provider  Cloud provider
Middleware      You manage          You manage      Cloud provider  Cloud provider
O/S             You manage          You manage      Cloud provider  Cloud provider
Virtualisation  You manage          Cloud provider  Cloud provider  Cloud provider
Servers         You manage          Cloud provider  Cloud provider  Cloud provider
Storage         You manage          Cloud provider  Cloud provider  Cloud provider
Networking      You manage          Cloud provider  Cloud provider  Cloud provider

Reference

https://ubuntu.com/cloud/cloud-computing

VLAN and Routing with Unraid

VLANs had me confused and running in circles for a while when I was first setting them up too. My understanding of things may not be entirely correct or the “right” way of doing things, but it worked for me. I don’t have experience setting up VLANs in the Unraid interface, but my experience getting VLANs working may help you notice something you overlooked.

I believe you need switches and a router that support VLANs, also known as 802.1q. The switches certainly need support for VLANs and I believe the router may need it to route traffic between VLANs (e.g. from VLAN 4 to VLAN 9), perform network management things like DHCP, and access the Internet. Many consumer routers and basic unmanaged switches don’t support VLANs. Third-party firmware like OpenWRT may be able to add VLAN support to consumer routers. I’m not sure what a “smart unmanaged” switch is, but if it doesn’t have some sort of an interface, be it Web, software, serial/RS-232, or ssh/telnet based, it isn’t smart enough to support VLANs; all VLAN configuration is performed on the device itself via some sort of interface. Check the spec sheets on your gear.

I ended up using Netgear GS108Tv2 and GSS116E switches with a pfSense router running on a Dell 780 SFF PC with an I350-T2V2 network adapter. The fancy network adapter isn’t required. The 116E switch has basic “port-based” configuration, but the 108T doesn’t, so I used “advanced” VLAN configurations.

The first major concept to understand is that network traffic doesn’t have VLAN tags until you turn on VLAN support. Traffic on VLANs has extra data added to it, (the 802.1q header), that requires routers and switches to understand VLAN-formatted traffic.

The second major concept to understand is the Port VLAN ID (PVID). It appears to be the default VLAN ID for a port.

The third major concept to understand is VLAN membership. A port is a member of a VLAN if it’s marked as “tagged” or “untagged” on a VLAN. Most devices, e.g. PCs, game consoles, iPads, etc., don’t understand VLANs and so their traffic does not contain a VLAN tag; their traffic is “untagged” when entering the network. “Untagged” ports assign the PVID of the port to the traffic, giving it the VLAN information needed to move on a VLAN network; traffic inherits the VLAN ID from the port. My networked devices are all “untagged” on one VLAN, making them a member of a single VLAN.

“Tagged” ports appear to be designed to move traffic that is already tagged. This could theoretically come from a device that understands VLANs or be traffic from an “untagged” port that had a tag added by the switch. Cisco uses a technology called “trunk” ports for passing traffic between switches and routers that Netgear doesn’t have. I use “tagged” ports to accomplish this task. My “trunk” ports are tagged in all VLANs, making them a member of all VLANs and allowing them to communicate with all VLANs while passing traffic between switches and routers.

All my networked devices are on “untagged” ports but they inherit a VLAN ID from the port; they become “tagged” by the switch rather than the original device. Once the traffic from a device is tagged by the switch, it can communicate with any device on the same VLAN. Communicating with devices on a different network switch or communicating with devices on the Internet requires the “trunk” ports that are tagged in multiple VLANs.

I set up VLAN 1, 4, and 9; 1 is used for network management, 4 is for my PCs and such, 9 for my Unraid server.

My only experience is with the Netgear stuff, so some of the terminology may be different with other brands.

So if Port 1 connects the switch to the router, Port 1 would be marked as tagged on VLAN 1, 4, and 9 in my setup, making it a member of VLAN 1, 4, and 9; this makes it something like a “trunk” port between the switch and router and allows all the traffic to get upstream to the router as needed. My “trunk” ports also got a PVID of 1; they always tagged traffic, so the PVID may not matter.

If Port 2 is connected to my desktop PC, it would get a PVID of 4 and is untagged on VLAN 4 only. This allows the port to only communicate with other devices on VLAN 4.

If Port 3 is connected to my laptop, it would get a PVID of 4 and is untagged on VLAN 4 only. This allows the port to only communicate with other devices on VLAN 4.

If Port 4 is connected to my Unraid server, it would get a PVID of 9 and is untagged on VLAN 9 only. This allows the port to only communicate with other devices on VLAN 9.

The fourth major concept is inter-VLAN routing. My PC and laptop in the example above can talk to each other because they’re both on VLAN 4 and can talk to the router via the trunk on port 1. The Unraid server can talk to the router. However, members of VLAN 4 can’t talk to members of VLAN 9. I remedied this with firewall rules in the router. These rules allow me to control which devices (IP addresses) and services (ports) on VLAN 4 can communicate with which devices and services on VLAN 9. I believe this is a reason why the router needs VLAN support – you’re routing between VLAN networks (e.g. 192.168.4.100 to 192.168.9.10). The router may also need to understand the VLAN-formatted packets so it can strip off the VLAN formatting before forwarding it to the Internet.

So I added firewall rules in pfSense to allow my PC and laptop to access the Unraid web UI, ssh, file sharing ports, Plex ports, etc. of my Unraid server.

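The port table and inter-VLAN rules described in the post above, modelled in Python as an added example (not part of the original post, and not Netgear or pfSense code). The ingress-filtering behaviour, the /24 subnet, the server address and the port numbers in the allow list are assumptions chosen for illustration.

```python
# Added example: a model of the post's 802.1Q port table and inter-VLAN rules.
# Constructed for illustration; not Netgear or pfSense code.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress frames
    tagged: set = field(default_factory=set)     # VLANs carried with the 802.1Q tag kept
    untagged: set = field(default_factory=set)   # VLANs sent out with the tag stripped

    def member_of(self, vlan):
        return vlan in self.tagged or vlan in self.untagged

# Port table from the post: 1 = trunk to router, 2 = desktop, 3 = laptop, 4 = Unraid
PORTS = {
    1: Port(pvid=1, tagged={1, 4, 9}),
    2: Port(pvid=4, untagged={4}),
    3: Port(pvid=4, untagged={4}),
    4: Port(pvid=9, untagged={9}),
}

def egress(in_port, frame_vlan=None):
    """Ports a flooded frame leaves on, and whether it leaves tagged or untagged.

    frame_vlan=None is an untagged frame, which inherits the ingress port's PVID.
    Assumption: ingress filtering is on, so a frame is dropped when the ingress
    port is not a member of the frame's VLAN.
    """
    port = PORTS[in_port]
    vlan = port.pvid if frame_vlan is None else frame_vlan
    if not port.member_of(vlan):
        return {}
    return {n: "tagged" if vlan in p.tagged else "untagged"
            for n, p in PORTS.items() if n != in_port and p.member_of(vlan)}

# Assumed router policy: default deny between VLANs, explicit allows from VLAN 4
# (192.168.4.0/24) to the Unraid server. Addresses and ports are sample values.
ALLOW = [("192.168.4.0/24", "192.168.9.10/32", p) for p in (22, 443, 445, 32400)]

def router_allows(src, dst, dport):
    """True only if an allow rule matches source, destination and destination port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn)
               and dport == p for sn, dn, p in ALLOW)

if __name__ == "__main__":
    print(egress(2))        # desktop broadcast stays inside VLAN 4
    print(egress(4))        # Unraid traffic only reaches the trunk
    print(router_allows("192.168.4.100", "192.168.9.10", 22))
```

The model covers only new connections in one direction; a stateful firewall such as pfSense handles the return traffic for an allowed connection on its own.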

Azure PowerShell and Azure CLI

It’s impossible to memorize all the commands in PowerShell and Azure CLI. The good news is that Microsoft follows a standard naming pattern.

Open this page;

https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest

If we look at the Azure CLI commands for Virtual Machines, they follow this naming convention:

az vm list
az vm create
az vm delete

These Azure CLI commands start with az vm, followed by a verb. Another example is:

az keyvault list
az keyvault create
az keyvault delete

For a more complicated example:

az network vnet list
az network vnet create
az network vnet delete

In the above example, vnet is a sub-component of network. Another example is:

az network vnet subnet list
az network vnet subnet create
az network vnet subnet delete

Where subnet is a sub-component of vnet and vnet is a sub-component of network.

Let’s go over PowerShell now;

https://learn.microsoft.com/en-us/powershell/module/az.keyvault/new-azkeyvault?view=azps-12.0.0

Get-AzVM
New-AzVM
Remove-AzVM

The verb is the first part of the cmdlet name.

Get-AzVirtualNetwork
New-AzVirtualNetwork
Remove-AzVirtualNetwork
Get-AzVirtualNetworkSubnetConfig
New-AzVirtualNetworkSubnetConfig
Remove-AzVirtualNetworkSubnetConfig

The standard PowerShell that comes with Windows doesn’t work. We need to upgrade it to PowerShell 7, which is a cross-platform scripting engine. There are 3 Azure-specific modules for PowerShell that we need to install (we can avoid installing anything by using Azure Cloud Shell).

For demo purposes, I am using Azure Cloud Shell. The advantage is that I don’t need to log in to my account because I am already logged in to the Azure Portal. The response that I will get here is JSON formatted.

PowerShell

Microsoft has switched from the old “AzureRM” module to the “Az” module. They don’t run side by side. To install the new Az module, run this command as administrator:

Install-Module -Name Az -AllowClobber -Repository PSGallery -Force

To update the module if you have already installed it, run this command as administrator:

Update-Module -Name Az -Force

To connect to Azure from a workstation, use this command in a PowerShell terminal (replace {GUID} with your tenant ID, without the curly brackets):

Connect-AzAccount -TenantId {GUID}

To check the latest version of PowerShell, follow this link;

To view the installed versions of the Az module, use this command:

Get-InstalledModule -Name Az -AllVersions | Select-Object -Property Name, Version

This lists the name and version of the Az module. My list has Az version 8.1.0 installed.

To list my web apps, run this command in a PowerShell terminal:

Get-AzWebApp

To get a shorter version of the output, run this command:

Get-AzWebApp | Select-Object Name, Location | ConvertTo-CSV -NoTypeInformation

Azure Core Service

There are 3 core services. They are the foundation of the cloud; every Azure service is built on one or all of these. For example, if we are learning Machine Learning, it’s a combination of Virtual Machines and Storage.

Virtual Machines

Windows or Linux OS. Can be created in a few minutes. Can be connected to remotely. Install whatever software you want.

Virtual Machines are the foundation on top of which other compute services are built:

a) Azure Batch

b) Virtual Machine Scale Sets

It’s a way to have a load balancer where virtual machines are set up with some auto-scaling rules.

c) Azure Kubernetes Service (AKS)

Working on an AKS cluster is basically working with VMs. AKS is an abstraction over the underlying VMs.

d) Service Fabric

A different paradigm to Virtual Machines is App Services.

1- App Services;

Web apps or container apps, Windows or Linux OS, fully managed servers, no ability to remote control, and others.

Virtual Networking

Refer to this article.

Storage

a) Storage can be up to 5 PB. Storage types are blobs, queues, tables and files, with various levels of replication from local to global. Storage account charges are based on the size of the storage (currently 1.8 cents per GB).

Storage tiers are hot, cool and archive