Azure Cloud: What is Azure Virtual Networking? Learn with fun!
Learn creating Jenkins build system, Azure Bastion & Azure compute…
Azure Virtual networking is software based networking to allow multiple communicative devices to talk among within the logical boundary of the organisation without requiring hardware/routers etc. Virtual Networking is the communication between servers, VMs and devices over the world wide web. Similarly, Azure Virtual Network (VNet) is a private network with interconnected Azure Resources like Azure VMs, Infrastructure and Network. It enables communication between various Azure Resources via the Internet.
Subnetting is the process of dividing a network into many smaller networks.
The two different types of IP Address used and allocated in Azure are Public IP and Private IP.
Private — The Private IP address allows communication of resources within the azure resource group.
Public — The Public IP address allows Azure Resources to communicate with public-facing Azure services via the Internet.
What is WAF?
Web Application Firewall service by Azure is a firewall service for protecting the web applications from these common threats. It provides an easy to setup software layers for applying various protection of layers for security management. You can deploy the WAF with other services like Azure Application Gateway, Azure Front Door and Azure Content Delivery Network (CDN)
What is Azure Load Balancer?
Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers or services (API).
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Example to understand the virtual networking and how it work?
We will provision two VMs for Jenkins Server (Master) and another for Jenkins Slave Node using the private network.
Jenkins Server will kick in the pipeline build on Jenkins Slave Node (as build runner)
Jenkins Master server will be publicly available for us using DNS or Public IP but Jenkins Master Server will use private IP to connect to Jenkins Slave node and hence Jenkins Slave is not going to be publicly available!
Create a new resource group “VM_Group”
Click on the Create button on the Resource Group named “VM_Group”
Click on “Create” VM from within the Resource Group.
Select the Image Jenkin Server Image (CentOS 8.3) for your Jenkins Server.
Select the authentication type to Password and provide user and password and save it locally.
Select Next button and keep Disks, Networking's, Management, Advanced and Tags tab defaults. In the last tag, you will click on “Create” button.
Once the VM is successfully provisioned, Go the resource group and select the Jenkins master’s IP and make the IP from dynamic to Static and also update the DNS name to ‘JS***’ (any three digit number). It has to be globally unique !
Copy the the DNS into your browser from the VM overview page as shown below and you should see similar first time Jenkins page on the Jenkins Server.
Open the Jenkins Server’s overview page and click on the connect and enable the Bastion so that we can ssh via browser. It might takes more than 4–5 mins so make tea or coffee for yourself after enabling it.
Now use the user and password you configured while provisioning the VM into Bastion to open the VM’s SSH CLI.
if you run following command on the VM SSH connection
$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Copy the password and input into the Jenkins UI.
Choose the Install suggested Plugins
Let all plugins installed. if any fails, do not worry about it.
Create new Jenkins ‘s Admin User on the Jenkin Master Server. it has nothing to do with your VM’s credentials. Both are separate.
if your Jenkins Server is up and running you will see something similar to below image.
Create new Jenkins Slave Node to work as Job Runner for the master machine.
Create new a VM in the same resource group and name it as shown in the picture below, choose the Ubuntu Image and provide new credentials for the VM and save it. We need to later.
Make sure you use the same resource group and select the same Virtual Network, Subnet and no public IP for the VM.
Click Next: *** button until you see final “Create” button and click to provision the Jenkin-Slave-VM machine.
Note: Now, use Connect button and use the Bastion now on the Jenkins Slave node and verify the connection (user/password) works on the newly created VM.
Installing latest Java on the Jenkins Slave is mandatory before you add it a node on the Jenkins Master server.
Connect via Bastion and run following commands On Jenkins Slave Node (SSH Connection):
# Install Java so that it can work as Jenkins Slave Node.
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get update
$ sudo apt-get install openjdk-8-jdk
$ echo “JAVA_HOME=$(which java)” | sudo tee -a /etc/environment
$ source /etc/environment
$ echo $JAVA_HOME
Configure the New Node as Agent on the Jenkins Master server.
Connect to the Jenkins UI via DNS set up done in the part 1 and add a new Node as shown below.
Node Information:
Name = “Jenkins-Slave-Node”
remote root directory*= “/home/vmadmin”
launch method=”Launch agent via SSH”
hostname=”<Your Private IP address of the Slave VM>”
Labels: “Production”
* = it best to give user’s home directory so that we do not run into the permission issue for Simple DEMO purpose.
Add a Jenkins Credential and use it to attach it to the Jenkins Slave Node configuration as shown below. You must use the same credentials as you have configured for the Jenkins Slave Node while provisioning.
Once, Jenkins’s Slave Node information is configured correctly, Launch the node from the Jenkins Master process can ssh into the node and delegate the tasks.
Create your HelloWorldPipeline and run it on the Slave Node, not on the Master server!
Add “Execute Shell” step and configure it to run on the Jenkins Slave node via the Label configured as ‘Production’.
Add above step and put ‘uname -a’ command in it. Also update the ‘restrict where this project can be run’ option and put ‘production’ in it.
Your basic pipeline is ready to run now and you click on the Build Now button.
if you click on the logs on the pipeline afterwards, you can see the name of the machine returned by ‘uname -a’ command!
Now, we can see how local networking has been used for two VMs to communicate with each other without leaving the local Azure network!
Further Learning : https://docs.microsoft.com/en-us/learn/modules/azure-networking-fundamentals/
