Chapter 3. Deploying a RHEL image as a compute instance on Azure


To use a RHEL image on Microsoft Azure, convert the image to an Azure-compatible format and deploy a VM from the image to run as an Azure Compute VM. To create, customize, and deploy a RHEL Virtual Hard Disk (.vhd) as an Azure Disk Image format, you can use one of the following methods:

  • Use the Red Hat image builder. For instructions, see Preparing and uploading VHD images to Microsoft Azure.
  • Manually create and configure a VHD. This is a more complicated process but offers more granular customization options. For details, see the following sections.

Prerequisites

3.1. Available RHEL image types for public cloud

To deploy your RHEL virtual machine VM on a certified cloud service provider (CCSP), you can use a number of options. The following table lists the available image types, subscriptions, considerations, and sample scenarios for the image types.

Note

To deploy customized ISO images, you can use Red Hat Image Builder. With Image Builder, you can create, upload, and deploy these custom images specific to your chosen CCSP.

Table 3.1. Image options
Image typesSubscriptionsConsiderationsSample scenario

Deploy a Red Hat gold image

Use your existing Red Hat subscriptions

The subscriptions include the Red Hat product cost and support for Cloud Access images, while you pay the CCSP for all other instance costs

Select a Red Hat gold image on the CCSP. For details on gold images and how to access them on the CCSP, see the Red Hat Cloud Access Reference Guide

Deploy a custom image that you move to the CCSP

Use your existing Red Hat subscriptions

The subscriptions includes the Red Hat product cost and support for custom RHEL image, while you pay the CCSP for all other instance costs

Upload your custom image and attach your subscriptions

Deploy an existing RHEL based custom machine image

The custom machine images include a RHEL image

You pay the CCSP on an hourly basis based on a pay-as-you-go model. For this model, on-demand images are available on the CCSP marketplace. The CCSP provides support for these images, while Red Hat handles updates. The CCSP provides updates through the Red Hat Update Infrastructure (RHUI)

Select a RHEL image when you launch an instance on the CCSP cloud management console, or choose an image from the CCSP marketplace.

Important

You cannot convert an on-demand instance to a custom RHEL instance. For migrating from an on-demand image to a custom RHEL bring your own subscription (BYOS) image:

  • Create a new custom RHEL instance, then migrate data from your on-demand instance.
  • When your data migration is completed, terminate the on-demand instance to avoid additional billing.

Next steps

3.2. Required system packages

To create and configure a base image of RHEL, your host system must have the following packages installed.

Table 3.2. System packages
PackageRepositoryDescription

libvirt

rhel-10-for-x86_64-appstream-rpms

Open source API, daemon, and management tool for managing platform virtualization

virt-install

rhel-10-for-x86_64-appstream-rpms

A command-line utility for building VMs

libguestfs

rhel-10-for-x86_64-appstream-rpms

A library for accessing and modifying VM file systems

guestfs-tools

rhel-10-for-x86_64-appstream-rpms

System administration tools for VMs; includes the virt-customize utility

Next steps

3.3. Deploying a RHEL instance by using a custom base image

To manually configure a virtual machine (VM), first create a base (starter) image. Then, you can modify configuration settings and add the packages the VM requires to operate on the cloud. You can also make additional configuration changes for your specific application after you upload the image.

To prepare a cloud image of RHEL, follow the instructions in the sections below. To prepare a Hyper-V cloud image of RHEL, see the Prepare a Red Hat-based virtual machine from Hyper-V Manager.

Creating a VM from a base image has the following advantages:

  • Fully customizable
  • High flexibility for any use case
  • Lightweight - includes only the operating system and the required runtime libraries

To create a custom base image of RHEL from an ISO image, you can use the command line interface (CLI) or the web console for creating and configuring VM.

Note

Vertify the following VM configurations.

Settings are enabled either during the initial VM creation or provising VM image to Azure cloud.

  • ssh - ssh must be enabled to provide remote access to your VMs
  • dhcp - the primary virtual adapter should be configured for dhcp.
  • Swap Space - Do not create a dedicated swap file or swap partition. You can configure swap space with the Windows Azure Linux Agent (WALinuxAgent).
  • NIC - Choose virtio for the primary virtual network adapter.
  • Encryption - For custom images, use Network Bound Disk Encryption (NBDE) for full disk encryption on Azure.

Prerequisites

  • You have checked the required list of system packages.
  • You have enabled virtualization on the host machine.
  • For web console, ensure the following options:

    • You have not checked the Immediately Start VM option.
    • You have already changed the Memory size to your preferred settings.
    • You have changed the Model option under Virtual Network Interface Settings to virtio and vCPUs to the capacity settings for the VM.

Procedure

  1. Configure the Red Hat Enterprise Linux VM:

    1. To install from the command line (CLI), ensure that you set the default memory, network interfaces, and CPUs as per your requirement for the VM. For details, see Creating virtual machines by using the command line
    2. To install from the web console, see Creating virtual machines by using the web console
  2. When the installation starts:

    1. Create a root password.
    2. Create an administrative user account.
  3. After the installation completes, reboot the VM and log in to the root account.
  4. After logging in as root, you can configure the image.
  5. Register the VM and enable the RHEL repository:

    # subscription-manager register --auto-attach
    Copy to Clipboard

Verification

  • Verify that the cloud-init package is installed and enabled:

    # dnf install cloud-init
    # systemctl enable --now cloud-init.service
    Copy to Clipboard
  • Power down the VM.

Next steps

3.4. Installing the Azure CLI

By using the Azure Command-Line Interface (CLI), you can connect to Azure Cloud and manage Azure resources directly from your host terminal.

Prerequisites

Procedure

  1. Import the Microsoft repository key:

    $ sudo dnf --import https://packages.microsoft.com/keys/microsoft.asc
    Copy to Clipboard
  2. Create a local Azure CLI repository entry:

    $ sudo sh -c 'echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'
    Copy to Clipboard
  3. Update the dnf package index:

    $ sudo dnf update
    Copy to Clipboard
  4. Install the Azure CLI:

    $ sudo dnf install -y azure-cli
    Copy to Clipboard
  5. Run the Azure CLI:

    $ az login
    Copy to Clipboard

Next steps

3.5. Installing Hyper-V device drivers

Microsoft provides network and storage device drivers as a part of their Linux Integration Services (LIS) for Hyper-V package. Prior to provisioning of a VM image as an Azure VM, install Hyper-V device drivers on it.

Prerequisites

Procedure

  1. Check if Hyper-V device drivers are installed:

    # lsinitrd | grep hv
    
    drwxr-xr-x   2 root     root            0 Aug 12 14:21 usr/lib/modules/3.10.0-932.el10.x86_64/kernel/drivers/hv
    -rw-r--r--   1 root     root        31272 Aug 11 08:45 usr/lib/modules/3.10.0-932.el10.x86_64/kernel/drivers/hv/hv_vmbus.ko.xz
    -rw-r--r--   1 root     root        25132 Aug 11 08:46 usr/lib/modules/3.10.0-932.el10.x86_64/kernel/drivers/net/hyperv/hv_netvsc.ko.xz
    -rw-r--r--   1 root     root         9796 Aug 11 08:45 usr/lib/modules/3.10.0-932.el10.x86_64/kernel/drivers/scsi/hv_storvsc.ko.xz
    Copy to Clipboard

    In case all the drivers are not installed, complete the remaining steps.

    Note

    Though the hv_vmbus driver may exist in the environment, complete the following steps.

  2. Create the hv.conf file in the /etc/dracut.conf.d directory.

    # vi hv.conf
    Copy to Clipboard
  3. Add the following driver parameters to the hv.conf file:

    add_drivers+=" hv_vmbus "
    add_drivers+=" hv_netvsc "
    add_drivers+=" hv_storvsc "
    add_drivers+=" nvme "
    Copy to Clipboard
    Note

    Make sure to have the spaces before and after the quotes, for example, add_drivers+=" hv_vmbus ". This ensures that unique drivers are loaded in the event that other Hyper-V drivers already exist in the environment.

  4. Regenerate the initramfs image:

    # dracut -f -v --regenerate-all
    Copy to Clipboard

Verification

  1. Reboot the machine.
  2. Verify installation of drivers:

    # lsinitrd | grep hv
    Copy to Clipboard

Next steps

3.6. Preparing a virtual machine for Azure deployment

To ensure that the VM have compatibility and can operate in the Azure environment, perform the configuration changes before deploying a custom base image.

Prerequisites

Procedure

  1. Log in and register the VM to enable the Red Hat Enterprise Linux repository:

    # subscription-manager register --auto-attach
    Installed Product Current Status:
    Product Name: Red Hat Enterprise Linux for x86_64
    Status: Subscribed
    Copy to Clipboard
  2. Install the cloud-init and hyperv-daemons packages:

    # dnf install cloud-init hyperv-daemons -y
    Copy to Clipboard
  3. Create the cloud-init configuration files and edit them to provide integration with Azure services:

    1. To enable logging to the Hyper-V Data Exchange Service (KVP), edit the /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg file and append the following lines:

      reporting:
          logging:
              type: log
          telemetry:
              type: hyperv
      Copy to Clipboard
    2. To add the Azure datasource, edit the /etc/cloud/cloud.cfg.d/91-azure_datasource.cfg file and append the following lines:

      datasource_list: [ Azure ]
      datasource:
          Azure:
              apply_network_config: False
      Copy to Clipboard
  4. To block automatic loading of specific kernel modules, edit the /etc/modprobe.d/blocklist.conf file and append the following lines:

    blacklist nouveau
    blacklist lbm-nouveau
    blacklist floppy
    blacklist amdgpu
    blacklist skx_edac
    blacklist intel_cstate
    Copy to Clipboard
  5. Modify udev network device rules:

    1. If present, remove the following persistent network device rules:

      # rm -f /etc/udev/rules.d/70-persistent-net.rules
      # rm -f /etc/udev/rules.d/75-persistent-net-generator.rules
      # rm -f /etc/udev/rules.d/80-net-name-slot-rules
      Copy to Clipboard
    2. To ensure working of accelerated networking on Azure, edit the /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules new network device rule and append the following line:

      SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
      Copy to Clipboard
  6. Set the sshd service to start automatically:

    # systemctl enable sshd
    # systemctl is-enabled sshd
    Copy to Clipboard
  7. Modify kernel boot parameters:

    1. Update the GRUB_TIMEOUT parameter value in the /etc/default/grub file:

      GRUB_TIMEOUT=10
      Copy to Clipboard
    2. Remove the following option from the end of the GRUB_CMDLINE_LINUX line, if present:

      rhgb quiet
      Copy to Clipboard
    3. Update the /etc/default/grub file with the following configuration details:

      GRUB_CMDLINE_LINUX="loglevel=3 crashkernel=auto console=tty1 console=ttyS0 earlyprintk=ttyS0 rootdelay=300"
      GRUB_TIMEOUT_STYLE=countdown
      GRUB_TERMINAL="serial console"
      GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
      Copy to Clipboard
      Note

      By adding the elevator=none option to the end of the GRUB_CMDLINE_LINUX line disables the I/O scheduler entirely. This option processes I/O requests as per the order of execution, without optimizing disk performance. With elevator=none on:

      • HDD: Performance and throughput decreases, hence not suitable for running workloads.
      • SSD: High performance and low latency, hence suitable for running workloads.
    4. Regenerate the grub.cfg file:

      • On a BIOS-based machine:

        # grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline
        Copy to Clipboard
      • On a UEFI-based machine:

        # grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline
        Copy to Clipboard
        Warning

        The path to rebuild grub.cfg is same for both BIOS and UEFI based machines. Original grub.cfg is present at BIOS path only. The UEFI path has a stub file that must not be modified or recreated using grub2-mkconfig command.

        If your system uses a non-default location for grub.cfg, adjust the command accordingly.

  8. Configure the Windows Azure Linux Agent (WALinuxAgent):

    1. Install and enable the WALinuxAgent package:

      # dnf install WALinuxAgent -y
      # systemctl enable waagent
      Copy to Clipboard
    2. To prevent the use of a swap partition in provisioned VMs, edit the following lines in the /etc/waagent.conf file:

      Provisioning.DeleteRootPassword=y
      ResourceDisk.Format=n
      ResourceDisk.EnableSwap=n
      Copy to Clipboard
  9. Prepare the VM for Azure provisioning:

    1. Unregister the VM from Red Hat Subscription Manager:

      # subscription-manager unregister
      Copy to Clipboard
    2. Clean up the existing provisioning details:

      # waagent -force -deprovision
      Copy to Clipboard
      Note

      This command generates warnings as Azure automatically handles the VM provisioning.

    3. Clear the shell history and shut down the VM:

      # export HISTSIZE=0
      # poweroff
      Copy to Clipboard

Next steps

3.7. Converting a RHEL image to Azure disk image

Microsoft Azure supports Azure disk image (.vhd) format. Hence, convert RHEL image to the VHD format. The image file must start at a position that is a multiple of 1 MB before it is converted to VHD. To convert the image from qcow2 to a fixed VHD format, see the following procedure.

Note

The following commands use qemu-img version 2.12.0.

Prerequisites

Procedure

  1. Convert the image from qcow2 to raw format.

    $ qemu-img convert -f qcow2 -O raw <image-example-name>.qcow2 <image-name>.raw
    Copy to Clipboard
  2. Edit the align.sh shell script:

    $ vi align.sh
    
    #!/bin/bash
    MB=$((1024 * 1024))
    size=$(qemu-img info -f raw --output json "$1" | gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
    rounded_size=$((($size/$MB + 1) * $MB))
    if [ $(($size % $MB)) -eq  0 ]
    then
     echo "Your image is already aligned. You do not need to resize."
     exit 1
    fi
    echo "rounded size = $rounded_size"
    export rounded_size
    Copy to Clipboard
  3. Run the script:

    $ sh align.sh <image-example-name>.raw
    Copy to Clipboard
  4. If the Your image is already aligned. You do not need to resize. message displays:

    1. Convert the file to a fixed VHD format:

      $ qemu-img convert -f raw -o subformat=fixed,force_size -O vpc <image-example-name>.raw <image-example-name>.vhd
      Copy to Clipboard

      Once converted, the VHD file is ready to upload to Azure.

  5. If a value displays mean the raw image is not aligned:

    1. Resize the raw file by using the rounded value as displayed above:

      $ qemu-img resize -f raw <image-example-name>.raw +1G
      Copy to Clipboard
    2. Convert the raw image file to a VHD format.

      $ qemu-img convert -f raw -o subformat=fixed,force_size -O vpc <image-example-name>.raw <image-example-name>.vhd
      Copy to Clipboard

      Once converted, the VHD file is ready to upload to Azure.

3.8. Configuring the Azure resources for a RHEL image

Azure resources are basic services of cloud based resource management such as compute, network, storage. You need to complete the Azure resources configuration before uploding the VHD file and create the Azure image.

Prerequisites

Procedure

  1. Authenticate your host with Azure credentials and log in:

    $ az login
    Copy to Clipboard
    Note

    If a browser is available for your environment, open the Azure sign-in page in the browser from the CLI. For details, see Sign in with Azure CLI.

  2. Create a resource group in an Azure region:

    $ az group create --name <resource-group> --location <azure-region>
    Copy to Clipboard

    Example:

    [clouduser@localhost]$ az group create --name azrhelclirsgrp --location southcentralus
    {
      "id": "/subscriptions//resourceGroups/azrhelclirsgrp",
      "location": "southcentralus",
      "managedBy": null,
      "name": "azrhelclirsgrp",
      "properties": {
        "provisioningState": "Succeeded"
      },
      "tags": null
    }
    Copy to Clipboard
  3. Create a storage account with a valid SKU Types:

    $ az storage account create -l <azure-region> -n <storage-account-name> -g <resource-group> --sku <sku_type>
    Copy to Clipboard

    Example:

    $ az storage account create -l southcentralus -n azrhelclistact -g azrhelclirsgrp --sku Standard_LRS
    {
      "accessTier": null,
      "creationTime": "2017-04-05T19:10:29.855470+00:00",
      "customDomain": null,
      "encryption": null,
      "id": "/subscriptions//resourceGroups/azrhelclirsgrp/providers/Microsoft.Storage/storageAccounts/azrhelclistact",
      "kind": "StorageV2",
      "lastGeoFailoverTime": null,
      "location": "southcentralus",
      "name": "azrhelclistact",
      "primaryEndpoints": {
        "blob": "https://azrhelclistact.blob.core.windows.net/",
        "file": "https://azrhelclistact.file.core.windows.net/",
        "queue": "https://azrhelclistact.queue.core.windows.net/",
        "table": "https://azrhelclistact.table.core.windows.net/"
    },
    "primaryLocation": "southcentralus",
    "provisioningState": "Succeeded",
    "resourceGroup": "azrhelclirsgrp",
    "secondaryEndpoints": null,
    "secondaryLocation": null,
    "sku": {
      "name": "Standard_LRS",
      "tier": "Standard"
    },
    "statusOfPrimary": "available",
    "statusOfSecondary": null,
    "tags": {},
      "type": "Microsoft.Storage/storageAccounts"
    }
    Copy to Clipboard
  4. Display the storage account details:

    $ az storage account show-connection-string -n <storage-account-name> -g <resource-group>
    Copy to Clipboard

    Example:

    $ az storage account show-connection-string -n azrhelclistact -g azrhelclirsgrp
    {
      "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=azrhelclistact;AccountKey=NreGk...=="
    }
    Copy to Clipboard
  5. Set the environment variable by exporting the existing connection string to connect system to the storage account:

    $ export AZURE_STORAGE_CONNECTION_STRING="<storage-connection-string>"
    Copy to Clipboard

    Example:

    $ export AZURE_STORAGE_CONNECTION_STRING="DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=azrhelclistact;AccountKey=NreGk...=="
    Copy to Clipboard
  6. Create a storage container:

    $ az storage container create -n <container-name>
    Copy to Clipboard

    Example:

    $ az storage container create -n azrhelclistcont
    {
      "created": true
    }
    Copy to Clipboard
  7. Create a virtual network:

    $ az network vnet create -g <resource group> --name <vnet-name> --subnet-name <subnet-name>
    Copy to Clipboard

    Example:

    $ az network vnet create --resource-group azrhelclirsgrp --name azrhelclivnet1 --subnet-name azrhelclisubnet1
    {
      "newVNet": {
        "addressSpace": {
          "addressPrefixes": [
          "10.0.0.0/16"
          ]
      },
      "dhcpOptions": {
        "dnsServers": []
      },
      "etag": "W/\"\"",
      "id": "/subscriptions//resourceGroups/azrhelclirsgrp/providers/Microsoft.Network/virtualNetworks/azrhelclivnet1",
      "location": "southcentralus",
      "name": "azrhelclivnet1",
      "provisioningState": "Succeeded",
      "resourceGroup": "azrhelclirsgrp",
      "resourceGuid": "0f25efee-e2a6-4abe-a4e9-817061ee1e79",
      "subnets": [
        {
          "addressPrefix": "10.0.0.0/24",
          "etag": "W/\"\"",
          "id": "/subscriptions//resourceGroups/azrhelclirsgrp/providers/Microsoft.Network/virtualNetworks/azrhelclivnet1/subnets/azrhelclisubnet1",
          "ipConfigurations": null,
          "name": "azrhelclisubnet1",
          "networkSecurityGroup": null,
          "provisioningState": "Succeeded",
          "resourceGroup": "azrhelclirsgrp",
          "resourceNavigationLinks": null,
          "routeTable": null
        }
      ],
      "tags": {},
      "type": "Microsoft.Network/virtualNetworks",
      "virtualNetworkPeerings": null
      }
    }
    Copy to Clipboard

3.9. Uploading a VHD image to Azure Blob storage

By using the Microsoft Azure Blob storage, you can manage the VHD file and create a custom Azure image.

Warning

The exported storage connection string does not persist after a system reboot. If any of the commands in the following steps fail, export the connection string again. See Configuring the Azure resources for a RHEL image to obtain and export a connection string.

Prerequisites

Procedure

  1. Upload the VHD file to the storage container:

    $ az storage blob upload \
        --account-name <storage-account-name> --container-name <container-name> \
        --type page --file <path-to-vhd> --name <image-name>.vhd
    Copy to Clipboard

    Example:

    $ az storage blob upload \
    --account-name azrhelclistact --container-name azrhelclistcont \
    --type page --file ~/Downloads/rhel-image-10.vhd --name rhel-image-10.vhd
    
    Percent complete: 100.0%
    Copy to Clipboard
  2. List the storage containers:

    1. To display in the tabular format, enter:

      $ az storage container list --output table
      Copy to Clipboard
    2. To display in the YAML format, enter:

      $ az storage container list --output yaml
      Copy to Clipboard
  3. Use the URL for the uploaded VHD file from the 1st step:

    $ az storage blob url -c <container-name> -n <image-name>.vhd <url-of-vhd-file>
    Copy to Clipboard

    Example:

    $ az storage blob url -c azrhelclistcont -n rhel-image-10.vhd "https://azrhelclistact.blob.core.windows.net/azrhelclistcont/rhel-image-10.vhd"
    Copy to Clipboard
  4. Create the Azure custom image:

    $ az image create -n <image-name> -g <resource-group> -l <azure-region> --source <URL> --os-type linux
    Copy to Clipboard
    Note

    The default hypervisor generation of the VM is V1. You can optionally specify a V2 hypervisor generation by including the option --hyper-v-generation V2. Generation 2 VMs use a UEFI-based boot architecture. For details, see Support for generation 2 VMs on Azure. The command may return the error "Only blobs formatted as VHDs can be imported." This error may mean that the image was not aligned to the nearest 1 MB boundary before it was converted to VHD.

    Example:

    $ az image create -n rhel10 -g azrhelclirsgrp2 -l southcentralus --source https://azrhelclistact.blob.core.windows.net/azrhelclistcont/rhel-image-10.vhd --os-type linux
    Copy to Clipboard

3.10. Launching and connecting to a RHEL VM in Azure

You need to create a managed disk Azure VM from the image.

Prerequisites

Procedure

  1. Create the VM:

    $ az vm create \
        -g <resource-group> -l <azure-region> -n <vm-name> \
        --vnet-name <vnet-name> --subnet <subnet-name> --size Standard_A2 \
        --os-disk-name <simple-name> --admin-username <administrator-name> \
        --generate-ssh-keys --image <path-to-image>
    Copy to Clipboard
    Note

    The --generate-ssh-keys option creates a private and public key pair files in the ~/.ssh directory on your system. The public key is added to the authorized_keys file on the VM for the user specified by the --admin-username option. For details, see Types of SSH authentication methods.

    Example:

    $ az vm create \
    -g azrhelclirsgrp2 -l southcentralus -n rhel-azure-vm-1 \
    --vnet-name azrhelclivnet1 --subnet azrhelclisubnet1 --size Standard_A2 \
    --os-disk-name vm-1-osdisk --admin-username clouduser \
    --generate-ssh-keys --image rhel10
    
    {
      "fqdns": "",
      "id": "/subscriptions//resourceGroups/azrhelclirsgrp/providers/Microsoft.Compute/virtualMachines/rhel-azure-vm-1",
      "location": "southcentralus",
      "macAddress": "",
      "powerState": "VM running",
      "privateIpAddress": "10.0.0.4",
      "publicIpAddress": "<public-IP-address>",
      "resourceGroup": "azrhelclirsgrp2"
    Copy to Clipboard

    Note the publicIpAddress that is required to log in to the VM in the following step.

  2. Start an SSH session and log in to the Azure VM:

    [clouduser@localhost]$ ssh -i /home/clouduser/.ssh/id_rsa clouduser@<public-IP-address>.
    
    The authenticity of host ',<public-IP-address>' can't be established.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '<public-IP-address>' (ECDSA) to the list of known hosts.
    Copy to Clipboard
  3. If you see a user prompt, you have successfully deployed your Azure VM.

Launch the Microsoft Azure portal to manage VMs and check the audit logs and properties of assigned resources. You can also use the Azure CLI if you are managing multiple VMs. For details, enter az --help in the CLI or see the Azure CLI command reference.

3.11. Types of SSH authentication methods

While it is an important security practice, in some cases, you can also connect to an Azure instance without the Azure-generated key pair. The following examples show two methods for a SSH authentication:

Example 1: Provision a new Azure VM with a password without generating a public key file.

$ az vm create \
    -g <resource-group> -l <azure-region> -n <vm-name> \
    --vnet-name <vnet-name> --subnet <subnet-name> --size Standard_A2 \
    --os-disk-name <simple-name> --authentication-type password \
    --admin-username <administrator-name> --admin-password <ssh-password> --image <path-to-image>
Copy to Clipboard
$ ssh <admin-username>@<public-ip-address>
Copy to Clipboard

Example 2: Provision a new Azure VM with an existing public key file.

$ az vm create \
    -g <resource-group> -l <azure-region> -n <vm-name> \
    --vnet-name <vnet-name> --subnet <subnet-name> --size Standard_A2 \
    --os-disk-name <simple-name> --admin-username <administrator-name> \
    --ssh-key-value <path-to-existing-ssh-key> --image <path-to-image>
Copy to Clipboard
$ ssh -i <path-to-existing-ssh-key> <admin-username>@<public-ip-address>
Copy to Clipboard

3.12. Attaching Red Hat subscriptions

Using the subscription-manager command, you can register and attach your Red Hat subscription to a RHEL instance.

Prerequisites

Procedure

  1. Register your system:

    # subscription-manager register --auto-attach
    Copy to Clipboard
  2. Attach your subscriptions:

  3. Optional: To collect various system metrics about the instance in the Red Hat Hybrid Cloud Console, you can register the instance with Red Hat Insights.

    # insights-client register --display-name <display-name-value>
    Copy to Clipboard

    For information on further configuration of Red Hat Insights, see Client Configuration Guide for Red Hat Insights.

3.13. Setting up automatic registration on Azure gold images

To make deploying RHEL virtual machines (VM) on Microsoft Azure faster and more comfortable, you can set up gold images of RHEL to be automatically registered to Red Hat Subscription Management (RHSM).

Prerequisites

  • RHEL gold images are available in Microsoft Azure. For instructions, see Using gold images on Azure.

    Note

    A Microsoft Azure account can only be attached to a single Red Hat account at a time. Therefore, ensure no other users require access to the Azure account before attaching it to your Red Hat one.

Procedure

Verification

  • In a RHEL 10 VM created by using the above instructions, verify the system is registered to RHSM. On a successfully registered system, the`subscription-manager identity` command displays the UUID of the system. For example:

    # subscription-manager identity
    system identity: fdc46662-c536-43fb-a18a-bbcb283102b7
    name: 192.168.122.222
    org name: 6340056
    org ID: 6340056
    Copy to Clipboard

3.14. Configuring kdump for Microsoft Azure instances

If a kernel crash occurs in a RHEL instance, you can use the kdump service to determine its cause. If kdump is configured correctly while your kernel instance terminates unexpectedly, kdump generates a dump file, known as crash dump or a vmcore file. For debugging, you can then analyze the file to discover why the crash occurred.

For kdump to work on Microsoft Azure instances, you might need to adjust the kdump reserved memory and the vmcore target to fit VM sizes and RHEL versions.

Prerequisites

  • You are using a VM from Microsoft Azure environment that supports kdump:

    • Standard_DS2_v2
    • Standard NV16as v4
    • Standard M416-208s v2
    • Standard M416ms v2
  • You have the root permission.

Procedure

  1. Install kdump and other necessary packages:

    # dnf install kexec-tools kdump-utils makedumpfile
    Copy to Clipboard
  2. Verify that the default location for crash dump files is set in the kdump configuration file and that the /var/crash file is available:

    # grep -v "#" /etc/kdump.conf
    
    path /var/crash
    core_collector makedumpfile -l --message-level 7 -d 31
    Copy to Clipboard
  3. Based on the RHEL VM size and version, check if you need a vmcore target with more free space, such as /mnt/crash:

    Table 3.3. Virtual machine sizes that have been tested with GEN2 VM on Azure
    RHEL VersionStandard DS1 v2 (1 vCPU, 3.5GiB)Standard NV16as v4 (16 vCPUs, 56 GiB)Standard M416-208s v2 (208 vCPUs, 5700 GiB)Standard M416ms v2 (416 vCPUs, 11400 GiB)

    RHEL 9.4 - RHEL 10

    Default

    Default

    Target

    Target

    • Default indicates that kdump works as expected with the default memory and the default kdump target. The default kdump target is the /var/crash file.
    • Target indicates that kdump works as expected with the default memory. However, you might need to assign a target with more free space.
  4. To assign a target with free space, such as /mnt/crash, edit the /etc/kdump.conf file and replace the default path:

    $ sed s/"path /var/crash"/"path /mnt/crash"
    Copy to Clipboard

    The option path /mnt/crash represents the path to the file system where kdump saves the crash dump file.

    For details, such as writing the crash dump file to a different partition, directly to a device or storing it to a remote machine, see Configuring the kdump target.

  5. Increase the crash kernel size to the sufficient size for kdump to capture the vmcore by adding the relative boot parameter if the instance required:

    For example, for a Standard M416-208s v2 VM, the sufficient size is 512 MB, so the boot parameter would be crashkernel=512M.

    1. Open the GRUB configuration file and add crashkernel=512M to the boot parameter line:

      # vi /etc/default/grub
      
      GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0 earlyprintk=ttyS0 rootdelay=300 crashkernel=512M"
      Copy to Clipboard
    2. Update the GRUB configuration file:

      # grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline
      Copy to Clipboard
  6. Reboot the VM to allocate separate kernel crash memory to the VM.

Verification

  • Ensure that kdump is active and running.

    # systemctl status kdump
    ● kdump.service - Crash recovery kernel arming
       Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled; vendor prese>
       Active: active (exited) since Fri 2024-02-09 10:50:18 CET; 1h 20min ago
      Process: 1252 ExecStart=/usr/bin/kdumpctl start (code=exited, status=0/SUCCES>
     Main PID: 1252 (code=exited, status=0/SUCCESS)
        Tasks: 0 (limit: 16975)
       Memory: 512B
       CGroup: /system.slice/kdump.service
    Copy to Clipboard
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat