
Lab 003: Automating User Data Configuration Using the CLI



Requirements

The Nautilus DevOps Team is working on setting up a new virtual machine (VM) to host a web server for a critical application. The team lead has requested you to create an Azure VM that will serve as a web server using Nginx. This VM will be part of the initial infrastructure setup for the Nautilus project. Ensuring that the server is correctly configured and accessible from the internet is crucial for the upcoming deployment phase.

As a member of the Nautilus DevOps Team, your task is to create a VM using Azure CLI with the following specifications:

Instance Name: The VM must be named devops-vm.

Image: Use any available Ubuntu image to create this VM.

Custom Script Extension/User Data: Configure the VM to run a custom script during its launch. This script should:

  • Install the Nginx package.
  • Start the Nginx service.

Network Security Group (NSG): Ensure that the VM allows HTTP traffic on port 80 from the internet.

Instructions:

  1. Use Azure CLI commands to set up the VM in the specified configuration.
  2. Ensure the VM is accessible from the internet on port 80.
  3. The Nginx service should be running after setup.
  4. Create the resources only in the East US region.

Note

The solution can be implemented using both the Azure Cloud Console and the Azure CLI. This document outlines the CLI-based approach to accomplish these tasks. It is recommended to first explore the Azure Cloud Console for hands-on experience and a practical understanding of the process before utilizing the CLI approach, unless specifically instructed otherwise.

Prerequisites

  • You are already authenticated with Azure CLI on the KKE client host.
  • A target resource group already exists in the lab environment. The commands below auto-detect the first resource group whose name contains kml.
  • A local SSH key is required for the azureuser account. If it does not already exist, the workflow below creates it.

Steps

# Discover the lab resource group
RESOURCE_GROUP=$(az group list --query "[?contains(name, 'kml')].name | [0]" --output tsv)
# Stop here if no matching resource group was found, so later commands never run with an empty name
: "${RESOURCE_GROUP:?No resource group containing 'kml' was found}"
LOCATION="eastus"
VM_NAME="devops-vm"
VM_IMAGE="Ubuntu2404"
VM_SIZE="Standard_B1s"
ADMIN_USERNAME="azureuser"
SSH_KEY_PATH="$HOME/.ssh/id_rsa.pub"
NSG_NAME="${VM_NAME}-nsg"
CLOUD_INIT_FILE="cloud-init-nginx.yaml"

# Create an SSH key if one does not already exist (-N "" creates it without a passphrase)
if [ ! -f "$SSH_KEY_PATH" ]; then
  ssh-keygen -t rsa -b 2048 -f "${SSH_KEY_PATH%.pub}" -q -N ""
fi

# Create cloud-init user data for Nginx installation and startup
cat > "$CLOUD_INIT_FILE" <<'EOF'
#cloud-config
package_update: true
packages:
- nginx
runcmd:
- systemctl enable nginx
- systemctl start nginx
EOF

# Create a network security group and allow HTTP traffic on port 80
az network nsg create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$NSG_NAME" \
  --location "$LOCATION"

az network nsg rule create \
  --resource-group "$RESOURCE_GROUP" \
  --nsg-name "$NSG_NAME" \
  --name AllowHTTP \
  --priority 1000 \
  --protocol Tcp \
  --direction Inbound \
  --source-address-prefixes Internet \
  --source-port-ranges '*' \
  --destination-address-prefixes '*' \
  --destination-port-ranges 80 \
  --access Allow

# Create the VM in East US with cloud-init user data
az vm create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VM_NAME" \
  --image "$VM_IMAGE" \
  --size "$VM_SIZE" \
  --admin-username "$ADMIN_USERNAME" \
  --ssh-key-values "$SSH_KEY_PATH" \
  --location "$LOCATION" \
  --storage-sku Standard_LRS \
  --nsg "$NSG_NAME" \
  --custom-data "$CLOUD_INIT_FILE" \
  --output table

# Fetch the VM public IP address
VM_PUBLIC_IP=$(az vm list-ip-addresses \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VM_NAME" \
  --query "[].virtualMachine.network.publicIpAddresses[0].ipAddress" \
  --output tsv)

echo "VM Public IP: $VM_PUBLIC_IP"

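# Verify the web server response
# cloud-init may still be installing Nginx when az vm create returns, so retry while the connection is refused
curl -I --retry 10 --retry-delay 10 --retry-connrefused "http://$VM_PUBLIC_IP"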

Verification

  • Confirm the VM was created in the eastus region.
  • Confirm the NSG rule AllowHTTP exists and exposes port 80.
  • Open http://<VM_PUBLIC_IP> in a browser or run curl -I "http://$VM_PUBLIC_IP" and confirm you receive an HTTP response from Nginx.
  • If you need deeper validation, connect to the VM and run systemctl status nginx.
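
The NSG check from the Verification list can be scripted. The following is an added example, not part of the original lab: a shell function that reads rule rows in the tab-separated form produced by az network nsg rule list with --output tsv and reports any inbound Allow rule open to the internet other than AllowHTTP on port 80. The function name, the column selection and the sample rows are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the lab): audit internet-facing NSG rules.
# Input columns, tab-separated:
#   name  direction  access  sourceAddressPrefix  destinationPortRange
# Assumption: each rule uses single-valued prefix/port fields, as the
# AllowHTTP rule created in the steps above does.

# Prints one finding per line; prints nothing when AllowHTTP on port 80
# is the only inbound Allow rule reachable from the internet.
audit_nsg_rules() {
  awk -F'\t' '
    $2 == "Inbound" && $3 == "Allow" && ($4 == "Internet" || $4 == "*" || $4 == "0.0.0.0/0") {
      if ($1 == "AllowHTTP" && $5 == "80") { http_ok = 1; next }
      printf "UNEXPECTED %s port=%s source=%s\n", $1, $5, $4
    }
    END { if (!http_ok) print "MISSING AllowHTTP port=80" }
  '
}

# Constructed sample: the rule set the lab is expected to produce.
sample_expected() {
  printf 'AllowHTTP\tInbound\tAllow\tInternet\t80\n'
}

# Constructed sample: the same NSG after someone added a wide-open rule.
sample_drifted() {
  sample_expected
  printf 'AllowSSHAny\tInbound\tAllow\t*\t22\n'
  printf 'DenyTelnet\tInbound\tDeny\t*\t23\n'
}

# Offline demonstration on the constructed drifted sample.
sample_drifted | audit_nsg_rules

# Live use, with the variables from the Steps section:
# az network nsg rule list \
#   --resource-group "$RESOURCE_GROUP" --nsg-name "$NSG_NAME" \
#   --query "[].[name,direction,access,sourceAddressPrefix,destinationPortRange]" \
#   --output tsv | audit_nsg_rules
```

Empty output against the live NSG means port 80 is the only port the rule set opens to the internet.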

Resources

Azure CLI Docs