Linux_azure
Chapter 92: Linux on Microsoft Azure
Comprehensive Guide to Linux Administration on Azure

92.1 Azure Virtual Machines

Understanding Azure VMs

Microsoft Azure provides virtual machines running Linux in the cloud. Azure supports most major Linux distributions including Ubuntu, Red Hat, SUSE, Debian, and CentOS.
Azure VM Types

VM Sizes:

+--------+-------------+----------------------------+
| Family | Examples    | Use Case                   |
+--------+-------------+----------------------------+
| A      | A1-A7       | Basic dev/test             |
| B      | B1s-Bms     | Burstable (cost-effective) |
| D      | D2s-D64s_v3 | General purpose            |
| E      | E2s-E64s_v3 | Memory optimized           |
| F      | F2s-F64s_v2 | Compute optimized          |
| G      | G1-G5       | Storage optimized          |
| H      | H8-H16      | High performance computing |
| L      | L4s-L32s    | Storage (I/O intensive)    |
| M      | M64s-M128s  | Large in-memory            |
| N      | N-ND24s     | GPU (NVIDIA)               |
+--------+-------------+----------------------------+

Storage:

- OS Disk: Managed disk or storage account
- Data Disks: Up to 32TB per VM
- Temporary Disk: Local SSD (not persistent)
- Azure Files: SMB shares

Azure CLI Setup
# Install Azure CLI
# Option 1: Script
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

# Option 2: Package manager
# Ubuntu/Debian
# (sudo tee writes the keyring; a plain ">" redirect would run as the calling user and fail)
curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli focal main" | sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt update && sudo apt install azure-cli

# RHEL/CentOS
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo tee /etc/yum.repos.d/azure-cli.repo << EOF
[azure-cli]
name=Azure CLI
baseurl=https://packages.microsoft.com/yumrepos/azure-cli
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF
sudo dnf install azure-cli

# Sign in
az login
az login --use-device-code

# Set subscription
az account set --subscription "My Subscription"

# Show account info
az account show

VM Management
# List VMs
az vm list
az vm list --resource-group mygroup

# Create VM
az vm create \
  --name myvm \
  --resource-group mygroup \
  --image UbuntuLTS \
  --size Standard_D2s_v3 \
  --admin-username azureuser \
  --ssh-key-value ~/.ssh/id_rsa.pub

# Create VM with custom image
az vm create \
  --name myvm \
  --resource-group mygroup \
  --image /subscriptions/xxx/resourceGroups/mygroup/providers/Microsoft.Compute/images/myimage \
  --size Standard_D2s_v3 \
  --admin-username azureuser

# Start VM
az vm start --name myvm --resource-group mygroup

# Stop (deallocate)
# az vm stop powers the VM off but keeps its resources allocated;
# az vm deallocate releases them.
az vm stop --name myvm --resource-group mygroup
az vm deallocate --name myvm --resource-group mygroup

# Restart
az vm restart --name myvm --resource-group mygroup

# Resize
az vm resize --name myvm --resource-group mygroup --size Standard_D4s_v3

# Delete
az vm delete --name myvm --resource-group mygroup --yes

# Get instance view
az vm get-instance-view --name myvm --resource-group mygroup

# VM status
az vm show --name myvm --resource-group mygroup

Connecting to Azure VMs
# SSH (using public IP)
ssh azureuser@40.x.x.x

# SSH with custom port
ssh -p 2222 azureuser@40.x.x.x

# Using Azure Bastion
# From Azure Portal or CLI:
az network bastion create \
  --name mybastion \
  --resource-group mygroup \
  --vnet-name myvnet \
  --subnet-name AzureBastionSubnet

# Connect via Bastion
# az network bastion ssh --name mybastion --resource-group mygroup --target-resource-id <vm-resource-id> --username azureuser

# Password authentication (not recommended)
az vm create \
  --name myvm \
  --resource-group mygroup \
  --image UbuntuLTS \
  --admin-password 'YourPassword123!'

92.2 Azure Storage
Azure Disk Storage

Azure Storage Types

Managed Disks:

+--------------+----------------------------------+
| Ultra Disks  | 4GB-64TB, 160K IOPS, 2000 MB/s   |
| Premium SSD  | P1-P80, 4GB-32TB, up to 80K IOPS |
| Standard SSD | E1-E80, 4GB-32TB, up to 20K IOPS |
| Standard HDD | L1-L80, 4GB-32TB, up to 2K IOPS  |
+--------------+----------------------------------+

Unmanaged Disks:

- Uses Storage Accounts
- Page Blobs for VHDs
- Less expensive but more management

# Create managed disk
az disk create \
  --name mydisk \
  --resource-group mygroup \
  --size-gb 10 \
  --sku Standard_LRS

# Attach disk to VM
az vm disk attach \
  --vm-name myvm \
  --resource-group mygroup \
  --name mydisk

# Detach disk
az vm disk detach \
  --vm-name myvm \
  --resource-group mygroup \
  --name mydisk

# Create snapshot
az snapshot create \
  --name mysnapshot \
  --resource-group mygroup \
  --source mydisk

# Create VM from snapshot
# (a snapshot cannot be attached as an OS disk directly; create a managed disk from it first)
az disk create \
  --name newvm-osdisk \
  --resource-group mygroup \
  --source mysnapshot

az vm create \
  --name newvm \
  --resource-group mygroup \
  --attach-os-disk newvm-osdisk \
  --os-type linux

Azure Blob Storage
# Create storage account
az storage account create \
  --name mystorageaccount \
  --resource-group mygroup \
  --sku Standard_LRS \
  --kind StorageV2

# Get connection string
az storage account show-connection-string \
  --name mystorageaccount \
  --resource-group mygroup

# Create container
az storage container create \
  --name mycontainer \
  --account-name mystorageaccount

# Upload blob
az storage blob upload \
  --file /path/to/file.txt \
  --container-name mycontainer \
  --name blobname.txt \
  --account-name mystorageaccount

# Download blob
az storage blob download \
  --container-name mycontainer \
  --name blobname.txt \
  --file /path/to/download.txt \
  --account-name mystorageaccount

# List blobs
az storage blob list \
  --container-name mycontainer \
  --account-name mystorageaccount

# Copy blob
az storage blob copy start \
  --destination-container mycontainer \
  --destination-blob newfile.txt \
  --source-uri https://source.blob.core.windows.net/container/source.txt \
  --account-name mystorageaccount

Azure Files (SMB)
# Create file share
az storage share-rm create \
  --name myshare \
  --resource-group mygroup \
  --storage-account mystorageaccount

# Install cifs-utils
sudo apt install cifs-utils

# Mount (Linux)
sudo mount -t cifs //mystorageaccount.file.core.windows.net/myshare /mnt/azurefiles \
  -o vers=3.0,username=mystorageaccount,password=<storage-key>
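The mount command above passes the storage key on the command line, where it is visible in shell history and the process list; the credentials file used by the /etc/fstab entry in this section avoids that, provided the file is readable by root only. The following is an added example, not part of the original guide: the function names and the demo path are hypothetical, the key value is constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: create and verify a root-only CIFS credentials file.

# write_smb_credentials FILE ACCOUNT
# The storage key is read from stdin so it never appears in argv.
write_smb_credentials() {
    file=$1
    account=$2
    old_umask=$(umask)
    umask 077                          # new files 0600, new directories 0700
    mkdir -p "$(dirname "$file")"
    IFS= read -r key
    printf 'username=%s\npassword=%s\n' "$account" "$key" > "$file"
    chmod 600 "$file"                  # also tightens a pre-existing file
    umask "$old_umask"
}

# check_smb_credentials FILE
# Returns 0 only for a regular, non-symlink file with mode 600 and both keys.
check_smb_credentials() {
    file=$1
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "missing or not a regular file: $file"; return 1
    fi
    mode=$(stat -c '%a' "$file")
    if [ "$mode" != "600" ]; then
        echo "mode $mode, expected 600: $file"; return 1
    fi
    if ! grep -q '^username=' "$file" || ! grep -q '^password=' "$file"; then
        echo "username=/password= lines missing: $file"; return 1
    fi
    echo "ok: $file"
}

# Demo in a temporary directory with a constructed (fake) key.
# On a real host the key would come from, for example:
#   az storage account keys list --account-name mystorageaccount \
#     --resource-group mygroup --query "[0].value" -o tsv
demo_dir=$(mktemp -d)
printf '%s\n' 'CONSTRUCTED-NOT-A-REAL-KEY' |
    write_smb_credentials "$demo_dir/mystorageaccount.cred" mystorageaccount
check_smb_credentials "$demo_dir/mystorageaccount.cred"
```
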
# Or using mount.cifs with credential file
# /etc/fstab entry:
//mystorageaccount.file.core.windows.net/myshare /mnt/azurefiles cifs vers=3.0,credentials=/etc/smbcredentials/mystorageaccount.cred 0 0

92.3 Azure Networking
Virtual Networks

# Create VNet
az network vnet create \
  --name myvnet \
  --resource-group mygroup \
  --address-prefixes 10.0.0.0/16 \
  --subnet-name mysubnet \
  --subnet-prefix 10.0.0.0/24

# Create NSG (Network Security Group)
az network nsg create \
  --name mynsg \
  --resource-group mygroup

# Add NSG rule
az network nsg rule create \
  --name allow-ssh \
  --nsg-name mynsg \
  --resource-group mygroup \
  --priority 1000 \
  --protocol tcp \
  --direction inbound \
  --source-address-prefixes '*' \
  --source-port-ranges '*' \
  --destination-address-prefixes '*' \
  --destination-port-ranges 22 \
  --access allow

# Associate NSG with subnet
az network vnet subnet update \
  --vnet-name myvnet \
  --name mysubnet \
  --resource-group mygroup \
  --network-security-group mynsg
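The allow-ssh rule above accepts SSH from any source ('*'). As an added example (not part of the original guide), this function reads an NSG's rules as tab-separated text and lists the inbound Allow rules that leave port 22 open to any source, including port ranges that cover 22. The function names and sample rows are constructed, and it assumes each rule has a single source prefix and a single port or port range.

```shell
#!/bin/sh
# Added example: list inbound Allow rules that expose SSH (22) to any source.
# Input on stdin: TSV columns name, direction, access, source prefix, port range:
#   az network nsg rule list --nsg-name mynsg --resource-group mygroup \
#     --query "[].[name,direction,access,sourceAddressPrefix,destinationPortRange]" -o tsv
find_open_ssh_rules() {
    awk -F '\t' -v port=22 '
        # True when a port spec ("*", "22", "20-25") covers port p.
        function covers(spec, p,    r) {
            if (spec == "*") return 1
            if (split(spec, r, "-") == 2) return (p >= r[1] + 0 && p <= r[2] + 0)
            return (spec + 0 == p)
        }
        # True when the source prefix matches every address.
        function any_source(src) {
            src = tolower(src)
            return (src == "*" || src == "internet" || src == "0.0.0.0/0")
        }
        tolower($2) == "inbound" && tolower($3) == "allow" &&
            any_source($4) && covers($5, port) { print $1 }
    '
}

# Constructed sample rows (not real command output).
sample_rules() {
    printf 'allow-ssh\tInbound\tAllow\t*\t22\n'
    printf 'allow-admin-range\tInbound\tAllow\tInternet\t20-25\n'
    printf 'allow-ssh-office\tInbound\tAllow\t203.0.113.0/24\t22\n'
    printf 'allow-https\tInbound\tAllow\t*\t443\n'
    printf 'deny-ssh\tInbound\tDeny\t*\t22\n'
}

sample_rules | find_open_ssh_rules

# Narrowing a flagged rule to a known range (203.0.113.0/24 is a placeholder):
#   az network nsg rule update --name allow-ssh --nsg-name mynsg \
#     --resource-group mygroup --source-address-prefixes 203.0.113.0/24
```
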
# Create public IP
az network public-ip create \
  --name myip \
  --resource-group mygroup \
  --allocation-method Dynamic

# Create NIC
az network nic create \
  --name mynic \
  --resource-group mygroup \
  --vnet-name myvnet \
  --subnet mysubnet \
  --public-ip-address myip \
  --nsg mynsg

92.4 Azure Identity and Access
Managing Access

# List subscriptions
az account list -o table

# Show current subscription
az account show

# Create service principal
az ad sp create-for-rbac \
  --name myserviceprincipal \
  --role Contributor \
  --scopes /subscriptions/<subscription-id>/resourceGroups/mygroup

# Get service principal credentials
az ad sp credential reset \
  --name myserviceprincipal

# Assign role
az role assignment create \
  --assignee user@domain.com \
  --role Reader \
  --resource-group mygroup

# List role assignments
az role assignment list \
  --resource-group mygroup

# Azure AD authentication for VMs
az vm identity assign \
  --name myvm \
  --resource-group mygroup

# Get MSI token
curl -H "Metadata: true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com"

92.5 Azure Monitor
Monitoring and Diagnostics

# Enable boot diagnostics
az vm boot-diagnostics enable \
  --name myvm \
  --resource-group mygroup \
  --storage https://mystorageaccount.blob.core.windows.net/

# Get boot diagnostics
az vm boot-diagnostics get-boot-log \
  --name myvm \
  --resource-group mygroup

# View metrics
az monitor metrics list \
  --resource /subscriptions/xxx/resourceGroups/mygroup/providers/Microsoft.Compute/virtualMachines/myvm \
  --metric-names "Percentage CPU"

# Create alert
# (--scopes names the resource the alert evaluates)
az monitor metrics alert create \
  --name high-cpu-alert \
  --resource-group mygroup \
  --scopes /subscriptions/xxx/resourceGroups/mygroup/providers/Microsoft.Compute/virtualMachines/myvm \
  --condition "avg Percentage CPU > 80" \
  --description "CPU usage is above 80%" \
  --window-size 5m \
  --evaluation-frequency 1m

# Log Analytics
# Install agent on VM
sudo wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh -O onboard_agent.sh
sudo bash onboard_agent.sh -w <workspace-id> -s <workspace-key>

92.6 Azure Backup
VM Backup

# Create Recovery Services vault
az backup vault create \
  --name myvault \
  --resource-group mygroup \
  --location eastus

# Enable backup for VM
az backup protection enable-for-vm \
  --vault-name myvault \
  --resource-group mygroup \
  --vm myvm

# Trigger backup
az backup protection backup-now \
  --vault-name myvault \
  --resource-group mygroup \
  --container-name myvm \
  --item-name myvm

# List backups
az backup job list \
  --vault-name myvault \
  --resource-group mygroup

# Restore VM
az backup restore restore-disks \
  --vault-name myvault \
  --resource-group mygroup \
  --container-name myvm \
  --item-name myvm \
  --target-storage-account mystorageaccount \
  --backup-storage-recovery-tier Standard

92.7 Azure Arc
Hybrid Management

# Register Azure Arc providers
az provider register --namespace Microsoft.HybridCompute
az provider register --namespace Microsoft.GuestConfiguration

# Connect on-premises Linux to Azure Arc
# Download and run script from Azure Portal
azcmagent connect \
  --subscription-id <id> \
  --resource-group mygroup \
  --location eastus \
  --tenant-id <tenant> \
  --service-principal-app-id <app-id> \
  --service-principal-secret <secret> \
  --cloud azure

# List Arc-enabled servers
az connectedmachine list \
  --resource-group mygroup

92.8 Interview Questions
Basic Questions

- What is Azure?
  - Microsoft’s cloud computing platform
- How do you connect to an Azure VM?
  - SSH with username and key, or Azure Bastion
- What is Azure CLI?
  - Command-line interface for Azure management
- What are managed disks?
  - Simplified disk storage managed by Azure
- What is Azure Files?
  - Fully managed file shares using SMB protocol

Intermediate Questions

- What is the difference between stop and deallocate?
  - Stop: VM stopped but resources allocated; Deallocate: releases resources (no charges)
- What is Azure Bastion?
  - Secure RDP/SSH access without public IPs
- What are Azure Network Security Groups?
  - Virtual firewall for controlling network traffic
- How do you back up Azure VMs?
  - Azure Backup service
- What is Azure Monitor?
  - Comprehensive monitoring solution for Azure resources

Advanced Questions

- How do you secure Azure VMs?
  - NSGs, Azure Defender, patching, Azure AD authentication
- What is the difference between Premium SSD and Ultra disks?
  - Ultra has higher performance and can be resized without restart
- How do you automate Azure VM deployment?
  - ARM templates, Terraform, Azure CLI scripts
- What is Azure Arc?
  - Hybrid cloud management extending Azure to on-premises
- How do you monitor Azure VM performance?
  - Azure Monitor, VM insights, Log Analytics

Summary
Quick Reference

Azure CLI:

+-----------------------------+---------------------+
| az login                    | Sign in             |
| az vm list                  | List VMs            |
| az vm create                | Create VM           |
| az vm start/stop            | Control VM          |
+-----------------------------+---------------------+

Storage:

+-----------------------------+---------------------+
| az storage account create   | Create storage      |
| az storage blob upload      | Upload to blob      |
| az disk create              | Create managed disk |
+-----------------------------+---------------------+

Networking:

+-----------------------------+---------------------+
| az network vnet create      | Create VNet         |
| az network nsg create       | Create NSG          |
| az network public-ip create | Create public IP    |
+-----------------------------+---------------------+