Azure VPS setup notes » History » Version 17
Jon Goldberg, 01/20/2021 08:50 PM
# Microsoft Azure - Setup

## For the Client

Hi there! If I've directed you to this page, the part that concerns you is the first two sections only. It's a bit convoluted, so feel free to ask me if you run into trouble! -Jon

[**NOTE**: Most of Microsoft's pages break with an ad blocker enabled.]

### Get a Sponsorship

* [Go to the Nonprofit Microsoft Getting Started page](https://nonprofit.microsoft.com/en-us/getting-started). Fill out the paperwork to be approved as a 501c3. Approval can take 1 day or 3-4 weeks - I've seen both multiple times.
* Once approved, go to https://www.microsoft.com/en-us/nonprofits/azure to claim credits (or go directly to [Claiming Your Credits](https://nonprofit.microsoft.com/en-us/offers/azure)).
* You'll know you're successful because you'll see a sponsorship listed on the [Sponsorship Page](https://www.microsoftazuresponsorships.com/Balance).

### Create a Subscription

* Check that you have credits in your sponsored account: https://www.microsoftazuresponsorships.com/Balance
* Visit the [Azure Portal](https://portal.azure.com).
* Click the **Subscriptions** icon.
* Click the **Add** button.
* Add a subscription of type "Microsoft Azure Sponsorship" from the Azure portal. You will likely need to select **Show other subscription types** to see it.
* **Note**: Even sponsored subscriptions require a credit card, so make sure you have one available.

## Technical Configuration

To set up a free account, you must:

* Get a Sponsorship (see above)
* Create a Subscription linked to the Sponsorship (see above)
* (Strongly recommended) Grant access to the subscription to other users.
* Create a Resource Group linked to the Subscription
* Create a Virtual Machine (and associated resources) linked to the Resource Group

### Grant access to other users

Microsoft logins now require 2-factor authentication, and the client owns the main account. The web vendor (Megaphone Tech, presumably) needs separate logins.

[Source](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator) for instructions.

* Open the new subscription.
* Click **Access Control (IAM)** in the left navigation bar.
* Under *Grant access to this resource*, click **Add role assignments**.
* *Role* should be **Owner**. In *Search by name or email address*, put the email of the new user and press **Save**.

At this point, they'll receive an email to either log in with an existing Microsoft account or to create a new one. With the owner role, the rest of this setup can be done just as easily from their account.

### Create a resource group

* Select "Resource Group" from the main Azure portal.
* Select **Add** and give it a name.
* Your subscription should be pre-selected since you only have the one.
* Click **Review and Create**.

### Create a virtual machine

* Click on your new resource group in the Azure Portal.
* Click **Add**.
* Search for the name of the image you want (e.g. Debian).
* See the screenshots below for configuration of the "Basics" and "Disk" tabs. The other tabs I keep with the defaults.
* I've attached a downloaded template for this VM, which I haven't used yet; I'm not sure how it works.

![Create a VM - Basics Tab](https://hq.megaphonetech.com/attachments/download/1771/Selection_999(010).png)

![Create a VM - Disks Tab](Selection_1016.png)

### Post-provisioning configuration

#### Partition and format the attached disk

Your VM (if it's D2s v3) ships with a 30GB "OS disk". Your attached disk is unformatted. Partition and format the new disk with:

```shell
sudo parted --script -a optimal /dev/sdb mklabel gpt -- mkpart primary ext4 '0%' '100%'
sudo mkfs -t ext4 /dev/sdb1
```

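Device letters are not guaranteed on Azure Linux VMs, and `/dev/sdb` can be the temporary resource disk rather than the attached data disk, so confirm the target is blank before partitioning. The following guard is an added example, not part of the original notes; `disk_is_blank`, `partition_if_blank` and the sample `lsblk` listing are hypothetical names and constructed data.

```shell
# Added example (not from the original notes). Function names and the sample
# listing are constructed for illustration.

# Succeeds only if $1 (kernel name, e.g. "sdc") is a whole disk with no
# partitions, no filesystem signature and no mountpoint. Reads the output of
#   lsblk -P -o NAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT
# on stdin.
disk_is_blank() {
    dev=$1
    seen=1
    while IFS= read -r line; do
        case "$line" in
            *"PKNAME=\"$dev\""*) return 1 ;;   # a child (partition) exists
            "NAME=\"$dev\" "*)
                seen=0
                case "$line" in *'TYPE="disk"'*) ;; *) return 1 ;; esac
                case "$line" in *'FSTYPE=""'*) ;; *) return 1 ;; esac
                case "$line" in *'MOUNTPOINT=""'*) ;; *) return 1 ;; esac
                ;;
        esac
    done
    return "$seen"   # 1 if the device never appeared in the listing
}

# Constructed sample: sdb is the temporary disk (assumed mounted at /mnt),
# sdc is the newly attached, unformatted data disk.
sample_lsblk() {
    cat <<'EOF'
NAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/mnt"
NAME="sdc" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
EOF
}

# Runs the two commands from the notes only when the live listing shows a
# blank disk; refuses otherwise.
partition_if_blank() {
    dev=$1
    if lsblk -P -o NAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT | disk_is_blank "$dev"; then
        sudo parted --script -a optimal "/dev/$dev" mklabel gpt -- mkpart primary ext4 '0%' '100%'
        sudo mkfs -t ext4 "/dev/${dev}1"
    else
        echo "refusing: /dev/$dev is missing or already in use" >&2
        return 1
    fi
}
```

Call it as `partition_if_blank sdc` (or whichever name `lsblk` shows for the new disk); against the constructed listing, `sdb` is rejected and `sdc` is accepted.
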
#### Ensure access to the serial console

* Select your virtual machine in the Azure Portal.
* In the left navigation, select **Serial console**.

You may be told you don't have access. You will need at least one account where the password has been set. You may also need to create a "custom storage account" by going to **Boot diagnostics** in the virtual machine's left navigation and selecting **Settings**. Rebooting at this point may also be necessary.

#### Mount the attached disk

Using the Microsoft Azure serial console, [follow these directions](https://unix.stackexchange.com/questions/131311/moving-var-home-to-separate-partition) to move the contents of the `/var` directory to the attached disk and mount it.

#### Modify Firewall Rules

* Click on your new virtual machine in the Azure portal.
* Click **Networking** in the side navigation.
* You should see your firewall settings. They should look like the screenshot below, except they'll be missing the two items circled.
* Add the "allow_ping" and "Port_5665" rules to the *Inbound Port Rules* as shown in the screenshot.

![Firewall Rules](https://hq.megaphonetech.com/attachments/download/1772/Selection_999(012).png)

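A check worth running after adding the rules is to list every inbound Allow rule that accepts traffic from any source. This is an added example, not part of the original notes; the function name, the `|`-separated field layout and all sample values other than the two rule names are assumptions, and the source settings in the screenshot are not known here.

```shell
# Added example (not from the original notes). Lists inbound Allow rules
# whose source is unrestricted. Reads one rule per line on stdin as
#   name|access|direction|source|port
# which can be produced from a live NSG with (placeholders in <>):
#   az network nsg rule list -g <resource-group> --nsg-name <nsg-name> \
#     --query "[].[name,access,direction,sourceAddressPrefix,destinationPortRange]" \
#     -o tsv | tr '\t' '|'
open_inbound_rules() {
    while IFS='|' read -r name access direction source port; do
        [ "$access" = "Allow" ] || continue
        [ "$direction" = "Inbound" ] || continue
        case "$source" in
            '*'|Internet|0.0.0.0/0)
                printf '%s port=%s source=%s\n' "$name" "$port" "$source" ;;
        esac
    done
}

# Constructed sample. The names allow_ping and Port_5665 come from the notes;
# every other value (sources, the SSH and deny rules, the documentation-range
# address) is invented for this example.
sample_rules() {
    cat <<'EOF'
SSH|Allow|Inbound|*|22
allow_ping|Allow|Inbound|*|*
Port_5665|Allow|Inbound|203.0.113.10|5665
deny_rest|Deny|Inbound|*|*
EOF
}

# Demonstration on the constructed sample: prints the SSH and allow_ping
# rules, which accept any source; Port_5665 is scoped to one address.
sample_rules | open_inbound_rules
```

Rules that use a list of source prefixes report an empty `sourceAddressPrefix` in this query and are not flagged by the example.
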
#### Add a swapfile

[Complete instructions are here](https://support.microsoft.com/en-us/help/4010058/how-to-add-a-swap-file-in-linux-azure-virtual-machines) but in short, add this to `/etc/waagent.conf` for an 8GB swapfile:

```
ResourceDisk.Format=y
ResourceDisk.EnableSwap=y
ResourceDisk.SwapSizeMB=8192
```

Then run `service walinuxagent restart`.