Lab 008: Troubleshooting Public Virtual Network Configurations
Requirements
The Nautilus DevOps Team deployed an Nginx server on an Azure VM in a public VNet named xfusion-vnet. However, the server is still inaccessible from the internet.
As a DevOps team member, complete the following tasks:
- Verify VNet Configuration: Ensure xfusion-vnet allows internet access.
- Attach Public IP: A public IP named xfusion-pip already exists. Attach this public IP to the VM xfusion-vm to make it accessible from the internet.
- Ensure Accessibility: Confirm the VM xfusion-vm is accessible on port 80.
- Use the provided Azure credentials to troubleshoot and resolve the issue.
- Use the Azure CLI.
Note
The solution can be implemented using both the Azure Cloud Console and the Azure CLI. This document outlines the CLI-based approach to accomplish these tasks. It is recommended to first explore the Azure Cloud Console for hands-on experience and a practical understanding of the process before utilizing the CLI approach, unless specifically instructed otherwise.
Prerequisites
- Azure CLI is authenticated.
- VM xfusion-vm, VNet xfusion-vnet, and public IP xfusion-pip already exist.
Steps
# Lab resource group: the first group whose name contains 'kml'
RESOURCE_GROUP=$(az group list --query "[?contains(name, 'kml')].name | [0]" --output tsv)
VM_NAME="xfusion-vm"
PUBLIC_IP_NAME="xfusion-pip"
VNET_NAME="xfusion-vnet"

# Validate VNet exists
az network vnet show --resource-group "$RESOURCE_GROUP" --name "$VNET_NAME" --output table

# Identify VM NIC (last path segment of the first NIC's resource ID)
NIC_NAME=$(az vm show \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VM_NAME" \
  --query "networkProfile.networkInterfaces[0].id" \
  --output tsv | awk -F '/' '{print $NF}')

# Attach public IP to VM NIC
az network nic ip-config update \
  --resource-group "$RESOURCE_GROUP" \
  --nic-name "$NIC_NAME" \
  --name "ipconfig1" \
  --public-ip-address "$PUBLIC_IP_NAME"

# Ensure NSG has HTTP 80 allow rule
# NSG_NAME is the NSG attached to the NIC; it is empty if the NSG is associated with the subnet instead
NSG_NAME=$(az network nic show --resource-group "$RESOURCE_GROUP" --name "$NIC_NAME" --query "networkSecurityGroup.id" --output tsv | awk -F '/' '{print $NF}')
az network nsg rule create \
  --resource-group "$RESOURCE_GROUP" \
  --nsg-name "$NSG_NAME" \
  --name AllowHTTP \
  --priority 100 \
  --protocol Tcp \
  --direction Inbound \
  --access Allow \
  --destination-port-ranges 80

# Ensure route table does not block internet route
# If the first subnet has a route table, point its "Block-Internet" route at the Internet next hop.
# Errors are suppressed, so a missing route with that name is silently ignored.
ROUTE_TABLE_NAME=$(az network vnet show \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VNET_NAME" \
  --query "subnets[0].routeTable.id" \
  --output tsv | awk -F '/' '{print $NF}')
if [ -n "$ROUTE_TABLE_NAME" ]; then
  az network route-table route update \
    --resource-group "$RESOURCE_GROUP" \
    --route-table-name "$ROUTE_TABLE_NAME" \
    --name "Block-Internet" \
    --next-hop-type Internet 2>/dev/null || true
fi

# Print the public IP address to test against
VM_PUBLIC_IP=$(az network public-ip show --resource-group "$RESOURCE_GROUP" --name "$PUBLIC_IP_NAME" --query "ipAddress" --output tsv)
echo "VM Public IP: $VM_PUBLIC_IP"
Verification
- Confirm xfusion-pip is attached to xfusion-vm NIC.
- Confirm NSG has inbound TCP rule for port 80.
- Confirm curl http://<VM_PUBLIC_IP> returns Nginx response.
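For the NSG check, the presence of an allow rule is not sufficient on its own: NSG rules are evaluated in ascending priority order and the first matching rule decides. The script below is an added example, not part of the lab; the function name `nsg_verdict`, the TSV column layout, the `az network nsg rule list` query shown in the comment, and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): report which custom NSG rule decides
# inbound TCP traffic to a given port.
# Input: TSV on stdin with the columns
#   priority  direction  access  protocol  destinationPortRange
# for example (assumed invocation):
#   az network nsg rule list --resource-group "$RESOURCE_GROUP" --nsg-name "$NSG_NAME" \
#     --query "[].[priority,direction,access,protocol,destinationPortRange]" --output tsv
# Not modelled: source filters and the plural destinationPortRanges field.

# usage: nsg_verdict PORT < rules.tsv
# prints "Allow <priority>", "Deny <priority>" or "NoMatch"
nsg_verdict() {
  # Lowest priority number is evaluated first, so sort numerically.
  sort -n | awk -F '\t' -v port="$1" '
    # True when a port spec ("*", "80" or "80-90") covers the wanted port.
    function covers(range,   p) {
      if (range == "*") return 1
      if (split(range, p, "-") == 2)
        return (port + 0 >= p[1] + 0 && port + 0 <= p[2] + 0)
      return (range + 0 == port + 0)
    }
    tolower($2) == "inbound" && (tolower($4) == "tcp" || $4 == "*") && covers($5) {
      print $3, $1      # first match wins: access and priority
      found = 1
      exit
    }
    # NoMatch: no custom rule applies, so the default rules decide
    # (DenyAllInBound for traffic arriving from the internet).
    END { if (!found) print "NoMatch" }'
}

# Constructed sample rows, not real lab output: an allow rule for port 80
# exists, but a deny rule with a lower priority number shadows it.
sample_rules() {
  printf '300\tInbound\tAllow\tTcp\t80\n'
  printf '200\tInbound\tDeny\t*\t80-90\n'
  printf '1000\tInbound\tAllow\tTcp\t22\n'
}

sample_rules | nsg_verdict 80   # → Deny 200
```

With the lab's AllowHTTP rule at priority 100 added to the same input, the verdict for port 80 becomes `Allow 100`.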