I received several questions about Day 2 operations after my previous Tuono demo post. Day 2 operations are a core feature of the Tuono platform. Many cloud infrastructures evolve over time and managing changes to those environments is critical. A Tuono blueprint can be applied to an environment repeatedly and it will verify the deployed cloud infrastructure matches the blueprint each time it is applied. This also allows a user to make changes to the blueprint and apply it to the environment to make changes to the deployed infrastructure. In this demo, we start with an environment deployed to Azure, then we edit the blueprint and see the changes to the access control list (ACL) and disks.
How do I add a disk to an Azure instance / VM?
In order to add a disk to an Azure instance with Tuono, simply add the new disk to the blueprint. In the example below we add a new 50GB disk named “data” to our virtual machine named “vm-instance.” This is done by adding 2 lines to the blueprint as seen below. The new disk will be added to the instance next time the blueprint is applied.
Before:
vm:
vm-instance:
admin_username: adminuser
cores: 2
memory: 4 GB
disks:
boot:
size: 100GBAfter:
vm:
vm-instance:
admin_username: adminuser
cores: 2
memory: 4 GB
disks:
boot:
size: 100GB
data:
size: 50GB
How do I modify the access control list (ACL) on an Azure subnet?
The ACL can be updated to disallow http by removing the http line from the protocol list for the policy. In this case, that is accomplished by removing a single like from the policy. The http rule will be removed from any ACL that uses this policy next time the blueprint is applied. The Preview feature will show what changes the system is planning to make without making any changes to the running environment. This allows you to see what if going to happen before executing the changes.
Before:
firewall:
management-access:
rules:
- protocols:
- https
- http
- ssh
to: members
from: 192.168.1.42/32After:
firewall:
management-access:
rules:
- protocols:
- https
- ssh
to: members
from: 192.168.1.42/32Check out this Tuono Azure Day 2 demo
Here is a full copy of the blueprint for anyone who wants to try it out.
location:
region:
demo_region:
country: USA
area: northwest
folder:
demo_folder:
region: demo_region
name: Demo_RG
networking:
network:
demo_vnet:
range:
- 10.50.0.0/16
- 10.150.0.0/16
public: true
subnet:
public_subnet:
range: 10.50.0.0/16
network: demo_vnet
public: true
firewall: management-access
private_subnet:
range: 10.150.0.0/16
network: demo_vnet
public: true
firewall: management-access
protocol:
ssh:
ports:
- port: 22
proto: tcp
https:
ports:
- port: 443
proto: tcp
http:
ports:
- port: 80
proto: tcp
firewall:
management-access:
rules:
- protocols:
- https
- ssh
to: members
from: 192.168.1.42/32
compute:
image:
bionic:
publisher: Canonical
product: UbuntuServer
sku: 18.04-LTS
venue:
aws:
image_id: ami-0a7d051a1c4b54f65
vm:
vm-instance:
admin_username: adminuser
cores: 2
memory: 4 GB
disks:
boot:
size: 100GB
data:
size: 200GB
image: bionic
nics:
external_nic:
ips:
- private:
type: dynamic
public:
type: static
firewall: management-access
subnet: public_subnet
internal_nic:
ips:
- private:
ip: 10.150.0.11
type: static
subnet: private_subnet
ssh_public_key: {{ public_key }}
