Megaphone Commons

# Azure technical setup notes

## Technical Configuration

To set up a free account, you must:

* Get a Sponsorship (see [[Azure_VPS_setup_notes]])

* Create a Subscription linked to the Sponsorship (see [[Azure_VPS_setup_notes]])

* (Strongly recommended) Grant access to the subscription to other users.

* Create a Resource Group linked to the Subscription

* Create a Virtual Machine (and associated resources) linked to the Resource Group

### Create a resource group

* Select "Resource Groups" from the main Azure portal (left sidebar).

* Select **Create** and give it a name.

* Your subscription should be pre-selected since you only have the one.

* Click **Review and Create**, then **Create**.

### Create a virtual machine

* Click on your new resource group in the Azure Portal.

* Click **Create**.

* Search for the name of the image you want (e.g. `Debian 13 "Trixie`).

 * If you picked an image that shows an hourly cost, it's the wrong one.

#### Basics page configuration

* Set the virtual machine name (e.g. "wfa01" and pick a region.  US East doesn't have many servers available, US East 2 does. Note that region affects cost, be careful when picking other regions.

* Set the VM architecture to Arm64, *then* pick the image.  My current standard server is the D2ps_v6. 

 * "D2" is general-purpose VM, we always select this.  "a" is AMD-series (old preference), "p" is ARM64, "d" is temp disk included (we don't need this), "s" supports premium SSD disks. v6 is the latest gen, always use the latest gen.

* Set the username to you (`jon` in my case). Authentication type: SSH public key. SSH public key source: Use existing public key. SSH public key should be the key of the machine you intend to run Ansible from.

* Select all 3 public inbound ports: 22, 80, 443.

* Go to the **Disks** tab.

#### Disks tab configuration

* Change the OS disk size to 128GB.

* Optionally change "Premium SSD" to "standard SSD". I've wavered on this.

* Click **Review and create**, wait for validation to finish, then click **Create**.

### Post-provisioning configuration

Once the server is provisioned (takes a minute), click **Go to resource**.

#### Get serial console working

Serial console is necessary for single-user mode, and troubleshooting if SSH fails.  It's normally working out of the box now.  Go to "Serial Console" in the VM left navigation and ensure you see a Debian login screen.

#### Modify Firewall Rules

* Click **Networking settings** in the side navigation.

* You should see your firewall settings.  They should look like the screenshot below, except they'll be missing the two items circled.

* Add the "allow_ping" and "Port_5665" rules to the *Inbound Port Rules* as shown in the screenshot.

 * More recently, I've been restricting the *Source* on the *Port_5665* rule to the Icinga server's IP.

![Firewall Rules](https://hq.megaphonetech.com/attachments/download/1772/Selection_999(012).png)

#### Add a swapfile

[Complete instructions are here](https://support.microsoft.com/en-us/help/4010058/how-to-add-a-swap-file-in-linux-azure-virtual-machines) but in short, add this to `/etc/waagent.conf` for an 8GB swapfile:

```

    ResourceDisk.Format=y

    ResourceDisk.EnableSwap=y

    ResourceDisk.SwapSizeMB=8192

```

Then run `service walinuxagent restart`.