Přeskočit na hlavní obsah

Clean-up blobs in Azure storage account with Azure CLI

If you realize at some point of your bright Azure future you don't remove VM disks correctly (like me in JCLOUDS-1170) you'll probably want to do a storage account clean up. Here is, how I did it on my linux desktop using Azure CLI.

As I wanted to keep some private OS images which were located in the storage account too, I moved them first into a newly created storage container.

# Prerequisities
  • installed azure-cli (I personally use the latest docker image microsoft/azure-cli with the tool)
  • installed jq tool for parsing JSON

# Set up


# Move/backup OS images to a new container

# create new storage container for OS image blobs
azure storage container create -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" os-images

# linux images to be kept
for IMG in eap-7-rhel-7.2 eap-7-rhel-7.2-service; do
ORIG_BLOB=$(azure vm image show --json $IMG | jq -Mr '.mediaLinkUri')
echo "Original blob URL: $ORIG_BLOB"
# delete image, but keep the blob in storage account
azure vm image delete $IMG
# copy the blob to a new container and create image from it
azure vm image create --blob-url https://$STORAGE_ACCOUNT.blob.core.windows.net/os-images/$IMG.vhd --os linux --source-key "$STORAGE_KEY" $IMG $ORIG_BLOB

# Remove containers (with blobs)

# list container names (without the newly created one) to be removed
azure storage container list -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" --json | jq -rM '.[] | .name' |grep -v os-images > /tmp/containers.txt

# for each container remove all blobs in it and then remove container
for CONTAINER in `cat /tmp/containers.txt`; do
azure storage blob list -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" --json $CONTAINER | jq -rM '.[] | .name' > /tmp/vhds.txt
for BLOB in `cat /tmp/vhds.txt`; do
echo "Removing $BLOB"
# let's try to breake blob lease (if there exists one), otherwise we'll not be able to remove it
azure storage blob lease break -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" $CONTAINER $BLOB
# remove blob
azure storage blob delete -q -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" $CONTAINER $BLOB
# let's try to breake container lease (if there exists one), otherwise we'll not be able to remove it
azure storage container lease break -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" $CONTAINER
# remove storage container
azure storage container delete -q -a $STORAGE_ACCOUNT -k "$STORAGE_KEY" $CONTAINER


Populární příspěvky z tohoto blogu

Three ways to redirect HTTP requests to HTTPs in WildFly and JBoss EAP

WildFly application server (and JBoss EAP) supports several simple ways how to redirect the communication from plain HTTP to TLS protected HTTPs. This article presents 3 ways. Two are on the application level and the last one is on the server level valid for requests to all deployments. 1. Request confidentiality in the deployment descriptor The first way is based on the Servlet specification. You need to specify which URLs should be protected in the web.xml deployment descriptor. It's the same approach as the one used for specifying which URLs require authentication/authorization. Just instead of requesting an assigned role, you request a transport-guarantee . Sample content of the WEB-INF/web.xml <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1

JSignPKCS11 - when your smartcard is too smart

TL;DR Yes, you can add digital signatures in Java even when you use newer hardware tokens such as Gemalto SafeNet eToken 5110 CC. JSignPKCS11 might help. Maybe you've seen the infamous PKCS11 error message CKR_USER_NOT_LOGGED_IN already. Thrown even when the SunPKCS11 security provider and the keystore settings were properly configured for your hardware token. java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN at jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:685) at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1404) at java.base/java.security.Signature.sign(Signature.java:713) ... Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_Sign(Native Method) at jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:664)

Simple TLS certificates in WildFly 18

It's just 2 weeks when WildFly 18 was released. It includes nice improvements in TLS certificates handling through ACME protocol (Automatic Certificate Management Environment), it greatly simplifies obtaining valid HTTPS certificates. There was already a support for the Let's Encrypt CA in WildFly 14 as Farah Juma described in her blog post last year. New WildFly version allows using other CA-s with ACME protocol support. It also adds new switch --lets-encrypt to interactive mode of security enable-ssl-http-server JBoss CLI commands. Let's try it. Before we jump on WildFly configuration, let's just mention the HTTPs can be used even in the default configuration and a self-signed certificate is generated on the fly. Nevertheless, it's not secure and you should not use it for any other purpose than testing. Use Let's Encrypt signed certificate for HTTPs application interface Start WildFly on a machine with the public IP address. Run it on the defaul