Using a self-hosted runner with GitHub Actions

As I was going through the excellent short course called Azure Infrastructure as Code with GitHub (by fellow MVP, Barbara Forbes), a thought appeared – what do I need to do to use my custom runner machine inside a pipeline for… I don’t know… security/privacy concerns, isolation, special requirements, different OS, control, price… or just to complicate things a bit?

Of course, GitHub supports this and it’s called a self-hosted runner.

So, what do I need to do to use this self-hosted runner with my GitHub Actions?

It’s relatively simple – there is an application package, which will be installed on your runner machine, and which will listen for and eventually do all the work defined in your workflow!

But first, let’s introduce my environment.

I have a simple GitHub Action (workflow), which creates a simple storage account in my Azure environment (there is actually no need to convert Bicep to ARM before deployment, but it seemed cool 😀). It’s currently using the “ubuntu-latest” runner, provided by GitHub… which also has all the needed components preinstalled (like Azure CLI, Azure PowerShell, …).

And it works fine. When there is a push to my GitHub repository, GitHub Actions starts and does what is needed on my Azure environment via this workflow:

And the mighty Bicep file (😀) it’s using for the deployment is:

Of course, this runs just fine on a standard (hosted) runner:

To run this workflow successfully on a self-hosted runner, not much is needed.

First, I’ve created a new virtual machine (I’ll use a simple Ubuntu Hyper-V VM, no autoscaling, no… nothing) called hermes (god of speed 😀), with freshly installed Ubuntu 22.04.1-LTS (minimized).

After that, I went to the Settings of my GitHub repository and got the download and install scripts for the x64 Linux runner:

As you can see, I’ll be using crontab later to automatically (re)start my self-hosted runner.

If everything went well, you should see your runner “up and running” (😀) in the GitHub portal:

Next, I’ll use the following script to install all prerequisites for my workflow (like Azure CLI, Azure PowerShell, etc. – it really depends on your workflow and things you use):

Once this is done, my self-hosted runner hermes should be ready to run the workflow.

To try this, I need to make a slight update to my workflow file – line 12 inside the job configuration should be updated from “runs-on: ubuntu-latest” to “runs-on: self-hosted”.

So, my workflow YAML file now looks like this:

And once I push the configuration to my GitHub, my workflow automatically starts and runs on hermes, my self-hosted runner:

If we prepared our runner right, all is good! 😊

Of course, our resources are deployed successfully:

So, this is how you can use your own, self-hosted runner, to execute your GitHub Actions (workflows).

Cheers!

Fixing permissions for EC2 private key file

This time, I was playing around with AWS and created some EC2 instances.

When you are creating and working with your instances, you will need to take care of authentication – you would usually import or create a new key pair and use the private key on your machine to connect via SSH to the EC2 instance in AWS. The whole process of creating a key pair and downloading the private key is pretty simple – on the page below, you select the name, type and format of your key pair and, once it is created, the private key is automatically downloaded to your PC:

Now you can create your instance and select the created key pair for authentication:

If you have your private key ready and the instance is up and accessible to you, you can use (for example) SSH to connect to it:

So… we have a challenge! Looks like our private key is not secured enough and others may have access to it!

If we look at the permissions, we can see that all of them are actually inherited… so, we’ll need to remove the inheritance/inherited permissions and give them only to the account that needs it:

And after some “tweaking”:

If we retry the connection, this happens:

 

Excellent!

And if you’re not a fan of clicking through the permissions dialog, here are scripts that can help you with this – they basically remove the inheritance and add full access permissions to the owner of the file (needs path to your private key file as a parameter!):

  • the “PowerShell” flavour:

  • the “CMD” flavour:
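An added PowerShell example of the approach described above (it is not the author's script): it disables inheritance on the key file, drops every existing entry, grants full control to the file's owner only, and then verifies the result. The parameter name `KeyPath` is an assumption made for this example.

```powershell
# Added example: restrict a private key file to its owner (Windows, NTFS).
# KeyPath is a parameter name chosen for this example.
param(
    [Parameter(Mandatory = $true)]
    [string]$KeyPath
)

$ErrorActionPreference = 'Stop'
$file = Get-Item -LiteralPath $KeyPath
$acl  = Get-Acl -LiteralPath $file.FullName

# Show the current entries; inherited ones have IsInherited = True.
$acl.Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# 1) Turn inheritance off. The second argument ($false) drops the inherited
#    entries instead of copying them onto the file as explicit ones.
$acl.SetAccessRuleProtection($true, $false)

# 2) Remove any explicit entries that were already set on the file.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# 3) Grant full control to the file's owner only.
$owner     = [System.Security.Principal.NTAccount]::new($acl.Owner)
$ownerRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $owner, 'FullControl', 'Allow')
$acl.SetAccessRule($ownerRule)
Set-Acl -LiteralPath $file.FullName -AclObject $acl

# 4) Verify: exactly one entry, not inherited, belonging to the owner.
$after = @((Get-Acl -LiteralPath $file.FullName).Access)
$after | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
if ($after.Count -ne 1 -or $after[0].IsInherited -or
    $after[0].IdentityReference.Value -ne $acl.Owner) {
    throw "Unexpected ACL on $($file.FullName); review it before using the key."
}
```

If the file's owner is a group (for example, a file created from an elevated session may be owned by Administrators), that group is what receives access, so check the owner shown in the first table before relying on the result.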

Hope it helps!

Cheers!

P.S. Scripts are also available at my GitHub (https://github.com/TomicaKaniski/toms-notes-code/).

P.P.S. There’s also a script that restores inheritance and inherited permissions… in case you… mess something up. 😀

Open Cloud BBQ – Nano Server

There was a barbecue today… on the roof… of the Microsoft office! How cool is that???

I had the honor of joining my colleagues and friends and contributing to this great event with a presentation called “Nano Server – budućnost je tu!”, which was actually inspired by Jeffrey Snover’s Ignite speech about Nano Server – the new installation option in Windows Server 2016.

The whole Nano Server idea is very simple – let’s remove all the “unnecessary” roles and features (especially the famous GUI), and leave only the parts that we really need for whatever purpose (i.e. we’re getting “purpose-built servers”). The roles supported in this preview version are Hyper-V, File Server and Failover Clustering, and they work great on this “nano-sized” server operating system (even in this early preview).

I’m really excited about Nano Server, and I’m so glad that I had a chance to talk about it at such a great event. Because there were so many questions about it during the day/evening, I noticed that Nano Server is a very cool subject for the attendees as well. Nice!

The presentation is available on SlideShare – check it, install the Nano Server and start rocking your datacenters!

Cheers!

Microsoft Azure (IaaS) Cost Estimator Tool

One question that I get rather frequently: “How much would running my machines on top of Microsoft Azure really cost me?” (or something similar).

Well, you probably know that the first answer that comes to mind is “It depends.” (it can probably be used on any occasion in IT, what do you think?). I hope that the next step is “Well, let’s take a look at what you have, what you really use, what can be migrated, let’s profile the usage, and then we will calculate it (using Excel, of course), and…”.

The good news is that now you have a tool for this scenario, called Microsoft Azure (IaaS) Cost Estimator Tool!

The tool itself looks very nice, and it’s easy to use (do I need to mention that this tool is also free?), so I really can’t think of a reason not to use it (or just give it a try). It also downloads the updated XML that verifies that the latest version is installed and that the latest pricing is used.

You can download this great tool here (it’s about 3,5 MB in size), with walkthrough here.

If it says that Microsoft Azure may not be right for you (based on the data you fed it), you can still take a test-drive of Microsoft Azure, and decide for yourself (after all – it is a tool, it can be wrong).

Have a nice day!

P.S. Let’s not forget about the awesome Microsoft Assessment and Planning (MAP) Toolkit, which is also freely available out there…

Microsoft Azure Active Directory Premium trial is now available. What are you waiting for?

Well, for anyone who’s been asking when it will be available, it finally is – as of today, you can activate the Microsoft Azure Active Directory Premium trial!

All that you need to do is the following:

  • log in to your Microsoft Azure subscription
  • go to the Active Directory section
  • click on the directory on which you want to activate trial (or create a new one)
  • go to licenses section
  • click on the TRY AZURE ACTIVE DIRECTORY PREMIUM NOW link

  • after a few moments, trial with 100 licenses will be activated and it will stay active for 90 days

How cool is that???

UPDATE (July 1st, 2014): You can read more about it here. There is also a new, long-awaited feature, AAD Tenant Deletion, and you can find more about it here.

Have a great week ahead!

P.S. If you still don’t have Microsoft Azure (trial or the “paid version”), you can acquire it here.

Windows SBS Codename “Aurora” Preview

I just received an e-mail saying that the beta version of the new Small Business Server, for now better known by its codename “Aurora”, is finally available.

What exactly awaits us in the new version, I don’t know yet, but here are some hints from the e-mail:

Windows Small Business Server Codename “Aurora” is part of the greatly anticipated next generation of our award winning Windows Small Business Server, and represents a significant departure from our traditional on premise version because Aurora will be Microsoft’s first server to deliver both on premises and cloud computing capabilities for small businesses.

The part that sounds most interesting to me is exactly that last bit about cloud computing capabilities, but more on that once the “Aurora” download finishes.

If you want to join the beta (or just want to take a look at the new SBS and find out in what context the cloud is used), check the SBS section on the Microsoft Connect site.