Tuesday 23 June 2020

Moodle on Azure using CentOS with AzureSQL for MariaDB

Hi, and welcome back to my blog. This time around I will show how to deploy Moodle using Azure resources.



The components needed for this deployment are:
1. Azure VM running CentOS (mine is 7.8)
2. AzureSQL for MariaDB
3. MySQL Workbench - optional

Some additional features used in this deployment are:
1. Accelerated Networking on the Azure VM
2. Service Endpoint for AzureSQL


Step 1. Deploy an Azure VM named M02.



Step 2. SSH to M02 and install the necessary components.

        2.1 EPEL
        2.2 Apache
        2.3 MySQL - optional, in case we need to test the connection from M02 to MariaDB
##########################################################################################################
sudo yum install epel-release -y
sudo yum update -y
sudo yum install httpd -y
sudo systemctl start httpd.service
sudo systemctl enable httpd.service
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
sudo yum install mod_php71w php71w-common php71w-mbstring php71w-xmlrpc php71w-soap php71w-gd php71w-xml php71w-intl php71w-mysqlnd php71w-cli php71w-mcrypt php71w-ldap -y
##########################################################################################################

Step 3. Deploy AzureSQL for MariaDB
       3.1 If you choose the Basic tier, you can't use a service endpoint, as it is not supported
       3.2 Set up a service endpoint on the General Purpose tier for MariaDB

       3.3 Connect to MariaDB and create a Moodle database
 
####################################################################################################
CREATE DATABASE moodledb01 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
-- 'password' is a placeholder: use the same strong password in both statements.
CREATE USER 'moodleuser'@'%' IDENTIFIED BY 'password';
-- The grant must name the database created above (moodledb01).
GRANT ALL PRIVILEGES ON moodledb01.* TO 'moodleuser'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
###################################################################################################

       Some notes on the DB collation: it turned out that I was having an issue with the "utf8mb4" collation, so I opted for just "utf8". Second, when you create the user, you need to use "%" in place of localhost.


Step 4 - Download Moodle
####################################################################
wget https://download.moodle.org/download.php/direct/stable38/moodle-latest-38.tgz
sudo tar -zxvf moodle-latest-38.tgz -C /var/www/html
sudo chown -R root:root /var/www/html/moodle
sudo chown -R admin01:admin01 /var/www/html/moodle
#####################################################################

Step 5 - Create a folder for Moodle Data
#####################################################################
sudo mkdir /var/moodledata
sudo chmod -R 755 /var/moodledata
sudo chown -R apache:apache /var/moodledata
#####################################################################

Step 6 - Set up a virtual host - replace the values of ServerAdmin, ServerName, ServerAlias, ErrorLog and CustomLog accordingly
#######################################################
cat <<EOF | sudo tee -a /etc/httpd/conf.d/moodle.conf
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/moodle/
ServerName moodle.example.com
ServerAlias www.moodle.example.com
<Directory /var/www/html/moodle/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/httpd/moodle.example.com-error_log
CustomLog /var/log/httpd/moodle.example.com-access_log common
</VirtualHost>
EOF
########################################################

Don't forget to restart Apache - sudo systemctl restart httpd

Step 7 - Install Moodle - sudo /usr/bin/php /var/www/html/moodle/admin/cli/install.php

Key in the following parameters:
- Language > EN
- Data directory permission > 2777
- Web address > http://yourvmpublicIP
- Data directory location > /var/moodledata
- Database driver > MariaDB
- DB host > xxxxxx.mariadb.database.azure.com
- DB name > moodledb01
- Table prefix > mdl_
- Port > ""
- Socket > ""
- DB user > moodleuser@xxxxxx
- DB password > "moodleuserpassword"
- Admin user name > "uptoyou"
- Admin password > "uptoyou" *minimum 8 characters, 1 uppercase, 1 lowercase, 1 number, 1 special character
- Admin email > "uptoyou"
- Upgrade key > ""
- Read the conditions > y

Moodle will be installed after this step.


Step 8. Post installation

 8.1 Modify the config file permission - chmod o+r /var/www/html/moodle/config.php
 8.2 Set up the cron job - sudo crontab -u apache -e
                               - * * * * *    /usr/bin/php /var/www/html/moodle/admin/cli/cron.php >/dev/null
 8.4 Allow httpd to connect to the DB over the network - sudo setsebool httpd_can_network_connect true
                                                       - sudo setsebool -P httpd_can_network_connect_db on
 8.5 Restart Apache


Browse to your Moodle site at http://PublicIP. In case you hit "unable to load cache configuration file", run the following commands and restart Apache again.


sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/moodle(/.*)?'
sudo restorecon -Rv '/var/www/html/moodle/'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/moodledata(/.*)?'
sudo restorecon -Rv '/var/moodledata/'
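
A check for the file modes and ownership that steps 4, 5 and 8.1 leave behind, as an added example that is not part of the original post. The function name `audit_moodle_perms` and its finding labels are made up here; the defaults are the paths and the apache account used in this guide.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: audits the file modes and
# ownership left behind by steps 4, 5 and 8.1. The function name and the
# finding labels are made up for this example.

audit_moodle_perms() {
    local webroot="${1:-/var/www/html/moodle}"   # step 4 location
    local dataroot="${2:-/var/moodledata}"       # step 5 location
    local web_user="${3:-apache}"                # owner set in step 5
    local findings=0 n

    # config.php stores the DB password: it must exist and must not be
    # writable by group or others (step 8.1 only adds read for others).
    if [ ! -f "$webroot/config.php" ]; then
        echo "MISSING $webroot/config.php"; findings=$((findings + 1))
    elif [ -n "$(find "$webroot/config.php" \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "WRITABLE $webroot/config.php"; findings=$((findings + 1))
    fi

    # Nothing under the web root should be world-writable.
    n=$(find "$webroot" ! -type l -perm -0002 2>/dev/null | wc -l)
    if [ "$n" -gt 0 ]; then
        echo "WORLD-WRITABLE $n path(s) under $webroot"; findings=$((findings + 1))
    fi

    # The data directory must live outside the web root ...
    case "$dataroot/" in
        "$webroot"/*) echo "EXPOSED $dataroot is inside $webroot"
                      findings=$((findings + 1)) ;;
    esac

    # ... and be owned by the web server account, as step 5 sets it.
    if [ -z "$(find "$dataroot" -prune -user "$web_user" 2>/dev/null)" ]; then
        echo "OWNER $dataroot is not owned by $web_user"; findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK"
    return "$findings"
}

# Constructed demo tree (not a real Moodle install): config.php is left
# group-writable, so the audit reports one WRITABLE finding.
demo=$(mktemp -d)
mkdir -p "$demo/moodle" "$demo/moodledata"
chmod 755 "$demo/moodle" "$demo/moodledata"
touch "$demo/moodle/config.php"
chmod 664 "$demo/moodle/config.php"
audit_moodle_perms "$demo/moodle" "$demo/moodledata" "$(id -u)" || echo "findings: $?"
rm -rf "$demo"
```

On the real server, run `sudo bash` on the script with the demo lines removed and call `audit_moodle_perms` with no arguments; the return code is the number of findings.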

And yup, you are done...
Some credit goes to the blog posts I referred to before I could complete this guide, as follows:

4. Special thanks to Mr Parikshit Savjani from Microsoft for replying to my email and working together on getting Moodle up in the first place before tuning its stability.

Bye, and see you in the next blog post...

Lesson Learned -- OS profile in Terraform

Hello All,

Throughout my journey of learning Terraform and deploying resources, mainly virtual machines, I just realized that I had missed one of the most important parameters in the OS profile config: I did not specify the code below.


         os_profile_windows_config {
             enable_automatic_upgrades = false # for Windows Update
             provision_vm_agent        = true  # install and enable the Azure VM agent
         }


The VM will still be deployed as normal, but you will notice that the VM name does not appear.

Sample as below:

1. VM01 was deployed without the code mentioned above


2. VM02 was deployed with the code




After some research I found the solution on GitHub, but one thing to clarify: even if you add the code to VM01 in Terraform, it won't be able to change it anymore. There are a few ways to solve it: redeploying the VM, PowerShell, or Azure Resource Explorer.

Hope this helps those who are still beginners in Terraform like me. Cheers 😊😊

Enable Boot Diagnostic Via Terraform

Hello all,

Today I will share a bit of my experience with Terraform when deploying resources on Azure.

My problem while building this Terraform code was enabling boot diagnostics for an Azure VM.


I tried to dig into the Terraform documentation, but it seems boot diagnostics appears only in a description without any sample, so I thought I would share the way to do it here. Let's start.

1. Create a storage account for vm/boot diagnostic purposes

resource "azurerm_storage_account" "hub-core-vmdiag" {
  name                     = "azusgcorestrdiagnostic01"
  location                 = azurerm_resource_group.azusg-core-vnet-rg.location
  resource_group_name      = azurerm_resource_group.azusg-core-vnet-rg.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

2. Create a VM

  
resource "azurerm_network_interface" "AD01-nic" {
  name                 = "AD01-nic"
  location             = azurerm_resource_group.azusg-core-vnet-rg.location
  resource_group_name  = azurerm_resource_group.azusg-core-vnet-rg.name
  enable_ip_forwarding = true

  ip_configuration {
    name                          = "AD01-ipconfig"
    subnet_id                     = azurerm_subnet.core-share-subnet.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "172.30.0.197"
  }

 // tags {
   // environment = local.prefix-core
  //}
} 
resource "azurerm_virtual_machine" "AD01-vm" {
  name                  = "AD01"
  location              = azurerm_resource_group.azusg-core-vnet-rg.location
  resource_group_name   = azurerm_resource_group.azusg-core-vnet-rg.name
  network_interface_ids = [azurerm_network_interface.AD01-nic.id]
  vm_size               = "Standard_F4s"
  

  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }

  storage_os_disk {
    name              = "AD01-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "AD01"
    admin_username = "xxxxxxx"
    admin_password = "xxxxxx"
  }

  os_profile_windows_config {}
}


3. Add the boot diagnostics option to your code (after the OS profile)

   os_profile_windows_config {}

   boot_diagnostics {
     enabled     = true
     storage_uri = "https://${azurerm_storage_account.hub-core-vmdiag.name}.blob.core.windows.net"
   }

You are done. After you run terraform apply, this VM will be created and boot diagnostics will be enabled with this storage account.

Happy testing and see you all again.

An updated version is here in part 2 - Click here

Say Hello to Windows Terminal

Hello reader, this blog post will help you explore more of Windows Terminal.


One good thing about this terminal is that you can add custom profiles. By default you get 3 predefined profiles:
  1. Windows PowerShell
  2. Command Prompt or CMD
  3. Azure Cloud Shell



But we may want to add custom profiles to make our life easier. In my case, I want to help my friend who manages O365 and Microsoft Teams, where most things are done via PowerShell, so let's get started.

Pre Step -
 1. Of course, download and install Windows Terminal
 2. Locate this path "%LOCALAPPDATA%\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\RoamingState" - mainly for customization
*I downloaded this image and put it in that location

 3. Visit this website - https://www.guidgen.com/ to create a GUID - unique for each profile


Adding a custom Profile
1. Open Windows Terminal and go to the settings



2. Since I'm going to use PowerShell, I just copied item number 1 and pasted it as item number 2. Please replace the GUID with the one you generated from the website given earlier



*Always take note of the -noExit parameter, as connect-microsoftteams will prompt for a user name and password.




 Here is the latest Windows Terminal that I have built





Some samples or guides you may refer to are in the few links below

A lot more customization can be done, so please try and enjoy.

Deployment of Arcsight Connector on Azure Part 2

This continues from the previous post at this link. Now we are going to strengthen the security posture of this connection by using a private connection.

Let's begin.

For this purpose, a few things need to be done.

 1. Upgrade the App Service Plan to Standard or Premium
 2. Connection to ArcSight Syslog NG: vNet peering - within Azure, S2S VPN - outside Azure
 3. Configure the vNet Integration




  3.1 Choose the vNet and subnet that you want this Function App to "sit" in.


 4. Change the connection to ArcSight Syslog NG from its public IP to its private IP.
  * Even though it went through the public IP, it was on TLS.

Navigate to the Application Settings of both functions and change the IP address accordingly.

Do not forget to restart both functions after this setting has been applied, and voilà, you are done.

Deployment of Arcsight Connector on Azure

Hello all, welcome again to my blog. This time the topic will be a bit out of the norm.

SIEM tools are widely used in most organizations to manage their security and event management. Microsoft has its own SIEM solution, but for this round we are going with ArcSight due to my latest testing and deployment.

Without talking further, let's start.

1)      Pre Deployment
            a)      Windows Server or Windows 10
                    i)      Set the execution policy to unrestricted or bypass
                    ii)     Running PowerShell at least version 5
                    iii)    Loaded with the Azure RM modules (Install-Module -Name AzureRM -AllowClobber -Scope AllUsers)

            b)      Azure Active Directory
                    i)      Role assignment (either one)
                            (1)    Global administrator
                            (2)    Security administrator
                            (3)    Security reader
                            (4)    Reports reader
            c)      Azure Subscription
                    i)      Either Owner or Contributor
            d)      Download all preloaded files and scripts (refer here)
            e)      Copy app.properties, arcsight-cloud-functions-7.14.0.zip and arcsight-monitor-functions-7.14.0.zip to the user directory

2)      Deployment
            a)      Edit the app.properties file

    *For a smoother deployment, please make sure the function app name uses all lowercase letters
            b)      Run the script

            c)      Result


3)      Post deployment
            a)      Configure Always On for the Azure functions

            b)      Set up the diagnostic log


            c)      Update the certificate in use

*Delete the existing one and upload the new remote_management.p12 that you can get from Syslog NG
            d)      Restart both Azure functions, and your ArcSight Syslog NG will start receiving logs from the Azure platform and Azure AD.


Happy deployment. Till we meet again.

Register VM running SQL as SQL VM in Microsoft Azure



Microsoft has created a new section in Azure called SQL Virtual Machine. This section mainly lets Azure admins view only SQL VMs.

Below are some key benefits of that:

  • Feature benefits: Registering your SQL Server VM with the resource provider unlocks automated patching, automated backup, as well as monitoring and manageability capabilities. It also unlocks licensing and edition flexibility. Previously, these features were only available to SQL Server VM images deployed from Azure Marketplace.
  • Compliance: Registering with the SQL VM resource provider offers a simplified method of fulfilling the requirement to notify Microsoft that the Azure Hybrid Benefit has been enabled as is specified in the product terms. This process negates needing to manage licensing registration forms for each resource.
  • Free management: Registering with the SQL VM resource provider in all three manageability modes is completely free. There is no additional cost associated with the resource provider, or with changing management modes.
  • Simplified license management: Registering with the SQL VM resource provider simplifies SQL Server license management, and allows you to quickly identify SQL Server VMs with the Azure Hybrid Benefit enabled using the Azure portal, the Az CLI, or PowerShell:
I took this from the Microsoft docs, as they have a very good explanation of it. Click here for the actual page.


Let's start registering all the VMs running SQL and enjoy the benefits.

Step 1. Download the SQL VM module and place it in your desired location. Please refer to these links to download the module – Click here and here. Make sure you are running the Az module for this to work.


Step 2. Open PowerShell ISE, for better editing, to start the steps.

Step 3. Navigate to the desired location and import the module
cd 'C:\Users\AbdulMunirBinMohamad\sql'
Import-Module .\RegisterSqlVMs.psm1

Step 4. Log in to Azure and choose your desired subscription (if any)
Login-AzAccount
Select-AzSubscription -Subscription "xxxxxxxxxxxxx" #this is dev sub ID

Step 5. Modify the resource group name and VM name accordingly and run the command.
New-AzSqlVM -Name sqlsvr01 -ResourceGroupName SQLserverRG -LicenseType AHUB -SqlManagementType Full -Location southeastasia

*Please note that this process will restart the SQL instance, so plan the time accordingly

Step 6. Check the status of the SQL VM with the following command.
Get-AzSqlVM -ResourceGroupName SQLserverRG -Name sqlsvr01


The whole PowerShell script is as follows.
cd 'C:\Users\AbdulMunirBinMohamad\SQL'
Import-Module .\RegisterSqlVMs.psm1
Login-AzAccount
Select-AzSubscription -Subscription "xxxxxxxxxxx"
New-AzSqlVM -Name sqlsvr01 -ResourceGroupName SQLserverRG -LicenseType AHUB -SqlManagementType Full -Location southeastasia
Get-AzSqlVM -ResourceGroupName SQLserverRG -Name sqlsvr01


After all of this is done, you can search for SQL Virtual Machine, and all your SQL virtual machines registered with the SQL provider will appear. All SQL management tasks can be carried out from there; here is a sample.


Enjoy.. 

Migration to Azure - Server Migration Part 2

Hello folks, and welcome to part 2 of this thread.

For this section we are going to focus more on Azure Site Recovery. Azure Site Recovery is mainly a DR solution provided by Microsoft that is included in a service called Recovery Service Vault (RSV). Another solution covered by RSV is Azure Backup. As a normal practice, I usually separate them into different vaults for easier management.

Without further ado, let's start talking about it.

ASR supports sources from Hyper-V, VMware and physical servers. ASR was heavily used as one of the migration tools to Azure before Azure Migrate was released.



Again, because ASR was meant for DR purposes, an additional thing that can be done is failback to the original source, except for physical servers.

One of the reasons is that the underlying technology that supports ASR is from a company called "InMage". This company was acquired by Microsoft and the first ASR was born.

Details of a guide on deploying ASR for VMware can be found on another blogger's site; the link to the blog is below: https://davidfleming.org/azure-site-recovery-vmware-to-azure


He wrote all the guides necessary for people to learn and try ASR with VMware. It is going to be a bit different with Hyper-V, as the replication is done by the Hyper-V host instead of the ASR Configuration server.

ASR with Hyper-V has very few prerequisites, which are .NET Framework and Hyper-V 2012 R2 and above.

Do provide me with comments and feedback for future improvement.





Kubecost on AKS Part 02