Azure VPS setup notes » History » Version 44
Jon Goldberg, 05/16/2023 10:01 PM
# Microsoft Azure - Setup

## For the Client

Hi there! If I've directed you to this page, the part that concerns you is the first three sections only. It's a bit convoluted, so feel free to ask me if you run into trouble! -Jon

[**NOTE**: Most of Microsoft's pages break with an ad blocker enabled.]

### Get a Sponsorship

* [Go to the Nonprofit Microsoft Getting Started page](https://nonprofit.microsoft.com/en-us/getting-started). Fill out the paperwork to be approved as a 501c3. Approval can take 1 day or 3-4 weeks - I've seen both multiple times.
* Once approved, go to https://www.microsoft.com/en-us/nonprofits/azure to claim credits (or go directly to [Claiming Your Credits](https://nonprofit.microsoft.com/en-us/offers/azure)).
* You'll know you're successful because you'll see a sponsorship listed on the [Sponsorship Page](https://www.microsoftazuresponsorships.com/Balance).

### Create a Subscription

* Check that you have credits in your sponsored account: https://www.microsoftazuresponsorships.com/Balance
* Visit the [Azure Portal](https://portal.azure.com).
* Click the **Subscriptions** icon.
* Click the **Add** button.
* Add a subscription of type "Microsoft Azure Sponsorship" from the Azure portal. You will likely need to select **Show other subscription types** to see it.
* **Note**: Even sponsored subscriptions require a credit card, so make sure you have one available.

### Grant access to other users

Microsoft is now enforcing two-factor authentication, so you need to create a separate user for me as your web vendor.

[Source](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator) for instructions

* Open the new subscription by clicking on it from the **Subscriptions** page.
* Click **Access Control (IAM)** in the left navigation bar.
* At the top, press **Add » Add role assignment**.
* On the *Role* tab, go to the **Privileged administrator roles** subtab.
* Click **Owner** and press **Next**.
* On the *Members* tab, set *Assign Access* to **User, group, or service principal**, and click **Select Members**.
* In the *Search by name or email address* box, put the email of the new user and press **Select**.
* Click **Review and Assign**, then click **Review and Assign** again.

At this point, they'll receive an email to either log in with an existing Microsoft account or to create a new one.

### On Renewals

You will need to renew every year. Instructions for this are incomplete, but you should look up your subscription ID in the Azure portal (it will be a long string of numbers and letters), then go to https://www.microsoftazuresponsorships.com/Balance and assign your new credits to the existing subscription.

If you did not do this in time, you should be able to open a support ticket with Microsoft to request a refund.

## Technical Configuration

To set up a free account, you must:

* Get a Sponsorship (see above)
* Create a Subscription linked to the Sponsorship (see above)
* (Strongly recommended) Grant access to the subscription to other users.
* Create a Resource Group linked to the Subscription
* Create a Virtual Machine (and associated resources) linked to the Resource Group

### Create a resource group

* Select "Resource Group" from the main Azure portal.
* Select **Create** and give it a name.
* Your subscription should be pre-selected since you only have the one.
* Click **Review and Create**, then **Create**.

### Create a virtual machine

* Click on your new resource group in the Azure Portal.
* Click **Create**.
* Click **Create** under **Virtual Machine**.
* Search for the name of the image you want (e.g. `Debian 11 "Bullseye"`).
* If you picked an image that shows an hourly cost, it's probably the wrong one.
* See the screenshots below for configuration of the "Basics" and "Disk" tabs. The other tabs I keep with the defaults. My standard VPS type is now `D2as_v5`.
* "D2" is the general-purpose VM, which we always select. "a" is AMD-series, "d" is temp disk included (we don't need this), and "s" supports premium SSD disks.
* I've attached a downloaded template for this VM, which I haven't used yet; I'm not sure how it works.

![Create a VM - Basics Tab](https://hq.megaphonetech.com/attachments/download/1771/Selection_999(010).png)

![Create a VM - Disks Tab](Selection_1016.png)

### Post-provisioning configuration

#### Get serial console working

Serial console is necessary for single-user mode, and troubleshooting if SSH fails.

* Go to **Boot Diagnostics** in the VM's left nav.
* Click **Settings** at the top.
* Select **Enable with managed storage account**.
* Save.

Now Serial Console will work.

#### Partition and format the attached disk

Your VM ships with a 30GB "OS disk". Your attached disk is unformatted. Partition and format the new disk (via SSH):

* Use `fdisk -l` to determine the attached disk and change the first command below accordingly.

```shell
DISK=/dev/sdb
sudo parted --script -a optimal $DISK mklabel gpt -- mkpart primary ext4 '0%' '100%'
sudo mkfs -t ext4 ${DISK}1
# install lsof and rsync
sudo apt install lsof rsync
```

#### Mount the attached disk

From within *Serial Console*:

```shell
DISK=/dev/sdb
# Go to single-user mode
init 1
# Ensure that no files are open in /var.
# This should come back empty. (Note that recently it hasn't been but seems to work anyway).
lsof | grep /var
# pkill anything that's running, e.g. `pkill hv_kvp_daemon`. It's OK if `systemd-journal` has files open.

mount ${DISK}1 /mnt
# Trailing slashes copy the contents of /var, including any dotfiles that /var/* would skip
rsync -va /var/ /mnt/
mv /var /var.old
umount /mnt
mkdir /var
mount ${DISK}1 /var

# Get the UUID of the drive for fstab
# Look for the partition you just created
blkid

vi /etc/fstab
```

Add the following line to `/etc/fstab`, subbing in *your* UUID:

```
UUID=13523269-c397-46a4-93b5-cb9f108489da /var ext4 defaults 0 1
```

You can reboot now to see that everything looks good. Note that due to a bug in `cloud-init`, there's a 2-minute delay on every reboot in Debian 11 (fixed in Debian 12, will presumably be backported at some point).

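A mistyped `/var` line in `/etc/fstab` only shows up at the next boot, so it is worth checking the entry against `blkid` before rebooting. The script below is an added example, not part of the original notes; the function name `check_fstab_mount`, its return codes and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check an fstab entry against saved `blkid` output before rebooting.
# Usage on a real host (paths are examples):
#   blkid > /tmp/blkid.out && check_fstab_mount /etc/fstab /tmp/blkid.out /var
# Return codes: 0 ok, 1 wrong number of entries, 2 not mounted by UUID,
#               3 UUID unknown to blkid, 4 filesystem type mismatch.
check_fstab_mount() {
    fstab=$1; blkid_out=$2; mnt=$3
    # Count active (non-comment) entries whose mount point is $mnt.
    count=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m {n++} END {print n+0}' "$fstab")
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 entry for $mnt, found $count" >&2
        return 1
    fi
    spec=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m {print $1}' "$fstab")
    fstype=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m {print $3}' "$fstab")
    case $spec in
        UUID=*) uuid=${spec#UUID=} ;;
        *) echo "$mnt is referenced as '$spec', not by UUID" >&2
           return 2 ;;
    esac
    # blkid lines look like: /dev/sdb1: UUID="..." TYPE="ext4" PARTUUID="..."
    # The leading space keeps PARTUUID="..." from matching.
    line=$(grep -F -- " UUID=\"$uuid\"" "$blkid_out" || true)
    if [ -z "$line" ]; then
        echo "UUID $uuid from fstab is not in the blkid output" >&2
        return 3
    fi
    case $line in
        *" TYPE=\"$fstype\""*) return 0 ;;
        *) echo "fstab says $fstype, blkid disagrees: $line" >&2
           return 4 ;;
    esac
}

# Constructed sample data so the check runs offline.
tmp=$(mktemp -d)
echo 'UUID=13523269-c397-46a4-93b5-cb9f108489da /var ext4 defaults 0 1' > "$tmp/fstab"
echo '/dev/sdb1: UUID="13523269-c397-46a4-93b5-cb9f108489da" TYPE="ext4"' > "$tmp/blkid"
check_fstab_mount "$tmp/fstab" "$tmp/blkid" /var && echo "/var entry is consistent"
rm -rf "$tmp"
```
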

#### Modify Firewall Rules

* Click on your new virtual machine in the Azure portal.
* Click **Networking** in the side navigation.
* You should see your firewall settings. They should look like the screenshot below, except they'll be missing the two items circled.
* Add the "allow_ping" and "Port_5665" rules to the *Inbound Port Rules* as shown in the screenshot.

![Firewall Rules](https://hq.megaphonetech.com/attachments/download/1772/Selection_999(012).png)

#### Add a swapfile

[Complete instructions are here](https://support.microsoft.com/en-us/help/4010058/how-to-add-a-swap-file-in-linux-azure-virtual-machines) but in short, add this to `/etc/waagent.conf` for an 8GB swapfile:

```
ResourceDisk.Format=y
ResourceDisk.EnableSwap=y
ResourceDisk.SwapSizeMB=8192
```

Then run `service walinuxagent restart`.

## Post-deployment management

### Adding a new disk

Add a disk by going to the virtual machine and clicking "Disk", not by "Add Resource". Then use the `parted` and `mkfs` commands from above. Don't forget to modify `/etc/fstab`!