Project

General

Profile

Actions
History

Wiki »

Azure technical setup notes

Technical Configuration

To set up a free account, you must:

  • Get a Sponsorship (see Azure_VPS_setup_notes)
  • Create a Subscription linked to the Sponsorship (see Azure_VPS_setup_notes)
  • (Strongly recommended) Grant access to the subscription to other users.
  • Create a Resource Group linked to the Subscription
  • Create a Virtual Machine (and associated resources) linked to the Resource Group

Create a resource group

  • Select "Resource Groups" from the main Azure portal (left sidebar).
  • Select Create and give it a name.
  • Your subscription should be pre-selected since you only have the one.
  • Click Review and Create, then Create.

Create a virtual machine

  • Click on your new resource group in the Azure Portal.
  • Click Create.
  • Search for the name of the image you want (e.g. Debian 13 "Trixie).
    • If you picked an image that shows an hourly cost, it's the wrong one.

Basics page configuration

  • Set the virtual machine name (e.g. "wfa01" and pick a region. US East doesn't have many servers available, US East 2 does. Note that region affects cost, be careful when picking other regions.
  • Set the VM architecture to Arm64, then pick the image. My current standard server is the D2ps_v6.
    • "D2" is general-purpose VM, we always select this. "a" is AMD-series (old preference), "p" is ARM64, "d" is temp disk included (we don't need this), "s" supports premium SSD disks. v6 is the latest gen, always use the latest gen.
  • Set the username to you (jon in my case). Authentication type: SSH public key. SSH public key source: Use existing public key. SSH public key should be the key of the machine you intend to run Ansible from.
  • Select all 3 public inbound ports: 22, 80, 443.
  • Go to the Disks tab.

Disks tab configuration

  • Change the OS disk size to 128GB.
  • Optionally change "Premium SSD" to "standard SSD". I've wavered on this.
  • Click Review and create, wait for validation to finish, then click Create.

Post-provisioning configuration

Once the server is provisioned (takes a minute), click Go to resource.

Get serial console working

Serial console is necessary for single-user mode, and troubleshooting if SSH fails. It's normally working out of the box now. Go to "Serial Console" in the VM left navigation and ensure you see a Debian login screen.

Modify Firewall Rules

  • Click Networking settings in the side navigation.
  • You should see your firewall settings. They should look like the screenshot below, except they'll be missing the two items circled.
  • Add the "allow_ping" and "Port_5665" rules to the Inbound Port Rules as shown in the screenshot.
    • More recently, I've been restricting the Source on the Port_5665 rule to the Icinga server's IP.

Firewall Rules

Add a swapfile

Complete instructions are here but in short, add this to /etc/waagent.conf for an 8GB swapfile:

    ResourceDisk.Format=y
    ResourceDisk.EnableSwap=y
    ResourceDisk.SwapSizeMB=8192

Then run service walinuxagent restart.

Updated by Jon Goldberg 14 days ago · 2 revisions