Lab 006: Deploying Virtual Machines in a Public Virtual Network
Requirements
The Nautilus DevOps Team has received a request from the Networking Team to set up a new public VNet to support a set of public-facing services. This VNet will host various resources that need to be accessible over the internet. As part of this setup, you need to ensure the VNet has public subnets with automatic public IP assignment for resources. Additionally, a new VM will be launched within this VNet to host public applications that require SSH access. This setup will enable the Networking Team to deploy and manage public-facing applications.
Create a public VNet named datacenter-pub-vnet and, under it, a subnet named datacenter-pub-subnet; make sure a public IP is auto-assigned to resources under this subnet. Further, create a VM named datacenter-pub-vm under this VNet. Make sure SSH port 22 is open for this instance and accessible over the internet. Use the Azure portal to complete the task and ensure that SSH access is configured correctly.
The solution can be implemented using either the Azure Cloud Console or the Azure CLI. This document outlines the CLI-based approach. Unless instructed otherwise, first explore the Azure Cloud Console for hands-on experience and a practical understanding of the process before using the CLI approach.
Prerequisites
- Azure CLI is authenticated.
- A resource group containing `kml` exists.
- SSH key `~/.ssh/id_rsa.pub` exists.
Steps
```bash
# Resolve the resource group whose name contains "kml" and set the lab names.
RESOURCE_GROUP=$(az group list --query "[?contains(name, 'kml')].name | [0]" --output tsv)
LOCATION="eastus"
VNET_NAME="datacenter-pub-vnet"
SUBNET_NAME="datacenter-pub-subnet"
VM_NAME="datacenter-pub-vm"
VM_SIZE="Standard_B1s"
PUBLIC_IP_NAME="datacenter-pub-pip"
NSG_NAME="datacenter-pub-nsg"

# Create the VNet together with its subnet.
az network vnet create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VNET_NAME" \
  --address-prefix 10.0.0.0/16 \
  --subnet-name "$SUBNET_NAME" \
  --subnet-prefix 10.0.1.0/24 \
  --location "$LOCATION"

# Create the network security group that will be attached to the VM's NIC.
az network nsg create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$NSG_NAME" \
  --location "$LOCATION"

# Allow inbound SSH (TCP 22). Source '*' admits any address, which is what
# the lab means by "accessible over the internet".
az network nsg rule create \
  --resource-group "$RESOURCE_GROUP" \
  --nsg-name "$NSG_NAME" \
  --name AllowSSH \
  --protocol Tcp \
  --direction Inbound \
  --priority 1000 \
  --source-address-prefixes '*' \
  --source-port-ranges '*' \
  --destination-address-prefixes '*' \
  --destination-port-ranges 22 \
  --access Allow

# Create a static public IP; it is attached explicitly through the NIC below.
az network public-ip create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$PUBLIC_IP_NAME" \
  --allocation-method Static \
  --location "$LOCATION"

# Create the NIC in the subnet and bind the NSG and public IP to it.
az network nic create \
  --resource-group "$RESOURCE_GROUP" \
  --name "${VM_NAME}-nic" \
  --vnet-name "$VNET_NAME" \
  --subnet "$SUBNET_NAME" \
  --network-security-group "$NSG_NAME" \
  --public-ip-address "$PUBLIC_IP_NAME" \
  --location "$LOCATION"

# Create the VM on that NIC, with SSH public key authentication.
az vm create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VM_NAME" \
  --nics "${VM_NAME}-nic" \
  --image Ubuntu2404 \
  --size "$VM_SIZE" \
  --admin-username azureuser \
  --ssh-key-values "$HOME/.ssh/id_rsa.pub" \
  --os-disk-size-gb 128 \
  --location "$LOCATION" \
  --storage-sku Standard_LRS

# Look up the VM's public IP for the SSH check.
PUBLIC_IP=$(az vm show --resource-group "$RESOURCE_GROUP" --name "$VM_NAME" --show-details --query "publicIps" --output tsv)
echo "VM is accessible via SSH at: $PUBLIC_IP"
```
Verification
- Confirm VNet `datacenter-pub-vnet` and subnet `datacenter-pub-subnet` exist.
- Confirm NSG allows inbound TCP port `22`.
- Confirm VM `datacenter-pub-vm` has a public IP and is reachable with SSH.
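
The NSG confirmation in the verification list can be scripted. The following is an added example, not part of the original lab: a shell function with the hypothetical name `ssh_exposure` reads NSG rules as tab-separated lines and evaluates them in priority order for inbound TCP 22. It assumes every rule uses the single-value fields `sourceAddressPrefix` and `destinationPortRange`, as the AllowSSH rule in the steps does.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): classify inbound TCP/22 exposure of an NSG.
# NSG rules are evaluated lowest priority number first; the first match decides.
#
# Input on stdin, one rule per line, tab-separated:
#   priority  direction  access  protocol  sourceAddressPrefix  destinationPortRange
# Against the lab's NSG this could be produced with:
#   az network nsg rule list --resource-group "$RESOURCE_GROUP" --nsg-name "$NSG_NAME" \
#     --query "[].[priority,direction,access,protocol,sourceAddressPrefix,destinationPortRange]" \
#     --output tsv
# Assumption: rules use the single-value fields; multi-value rules are not handled.
#
# Prints: open       - any internet source is allowed to reach port 22
#         restricted - only specific source prefixes are allowed
#         closed     - nothing allows it (an explicit deny or the default deny applies)
ssh_exposure() {
  sort -n | awk -F'\t' '
    function covers22(range,   p) {
      if (range == "*" || range == "22") return 1
      if (split(range, p, "-") == 2) return (p[1] + 0 <= 22 && 22 <= p[2] + 0)
      return 0
    }
    tolower($2) != "inbound" { next }
    tolower($4) != "tcp" && $4 != "*" { next }
    !covers22($6) { next }
    {
      any = ($5 == "*" || $5 == "Internet" || $5 == "0.0.0.0/0")
      allow = (tolower($3) == "allow")
      if (any) {
        verdict = allow ? "open" : (limited ? "restricted" : "closed")
        exit
      }
      if (allow) limited = 1
    }
    END {
      if (verdict == "") verdict = limited ? "restricted" : "closed"
      print verdict
    }
  '
}

# Constructed sample: the AllowSSH rule created in the steps above.
printf '1000\tInbound\tAllow\tTcp\t*\t22\n' | ssh_exposure
```

For this lab the expected result is `open`, since the task requires SSH to be reachable from the internet.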