Rocky Linux from CIQ on Azure
This guide covers deploying Rocky Linux from CIQ (RLC) on Microsoft Azure.
Azure Marketplace
RLC is available through the Azure Marketplace, providing easy deployment and billing integration.
Finding RLC in Azure Marketplace
- Navigate to Azure Marketplace
- Search for "Rocky Linux from CIQ"
- Select the appropriate RLC offering
- Review pricing and terms
- Click "Get It Now"
Launching from Marketplace
# Create RLC virtual machine from Azure CLI
az vm create \
--resource-group myResourceGroup \
--name rlc-vm \
--image RLC-Marketplace-Image \
--size Standard_D2s_v3 \
--admin-username rlcuser \
--ssh-key-values ~/.ssh/id_rsa.pub \
--tags Environment=Production Application=RLC
Virtual Machine Sizes
Recommended VM Sizes
Development/Testing:
- Standard_B2s - 2 vCPU, 4GB RAM
- Standard_B2ms - 2 vCPU, 8GB RAM
- Standard_D2s_v3 - 2 vCPU, 8GB RAM
Production:
- Standard_D4s_v3 - 4 vCPU, 16GB RAM
- Standard_D8s_v3 - 8 vCPU, 32GB RAM
- Standard_D16s_v3 - 16 vCPU, 64GB RAM
High Performance:
- Standard_F8s_v2 - 8 vCPU, 16GB RAM (compute optimized)
- Standard_E8s_v3 - 8 vCPU, 64GB RAM (memory optimized)
Storage Configuration
Managed Disk Types
# Create high-performance managed disk
az disk create \
--resource-group myResourceGroup \
--name rlc-data-disk \
--size-gb 500 \
--sku Premium_LRS \
--encryption-type EncryptionAtRestWithPlatformKey
# Attach disk to VM
az vm disk attach \
--resource-group myResourceGroup \
--vm-name rlc-vm \
--name rlc-data-disk
Recommended Storage Layout
- OS Disk: 128GB Premium SSD (encrypted)
- Data Disk: 500GB+ Premium SSD (encrypted)
- Backup Storage: Azure Blob Storage for backups
Networking
Network Security Groups
# Create network security group
az network nsg create \
--resource-group myResourceGroup \
--name rlc-nsg
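# Allow SSH access
# ('*' as the source opens port 22 to any address; set --source-address-prefix
# to your administrative CIDR for anything beyond a short-lived test VM)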
az network nsg rule create \
--resource-group myResourceGroup \
--nsg-name rlc-nsg \
--name SSH \
--protocol Tcp \
--direction Inbound \
--source-address-prefix '*' \
--source-port-range '*' \
--destination-address-prefix '*' \
--destination-port-range 22 \
--access Allow \
--priority 1000
# Allow HTTP/HTTPS
az network nsg rule create \
--resource-group myResourceGroup \
--nsg-name rlc-nsg \
--name HTTP \
--protocol Tcp \
--direction Inbound \
--source-address-prefix '*' \
--source-port-range '*' \
--destination-address-prefix '*' \
--destination-port-range 80 \
--access Allow \
--priority 1001
az network nsg rule create \
--resource-group myResourceGroup \
--nsg-name rlc-nsg \
--name HTTPS \
--protocol Tcp \
--direction Inbound \
--source-address-prefix '*' \
--source-port-range '*' \
--destination-address-prefix '*' \
--destination-port-range 443 \
--access Allow \
--priority 1002
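A check for the rules created above, added here as an example and not part of the CIQ documentation: it reads NSG rules in the JSON shape that `az network nsg rule list -o json` prints and reports inbound Allow rules that expose SSH or RDP to any source. The SSH-admin rule and its 203.0.113.0/24 range are constructed sample data, and higher-priority Deny rules are not evaluated.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json`
# (trimmed): the three rules above plus a hypothetical restricted one.
SAMPLE_RULES = json.loads("""[
 {"name": "SSH", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
  "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "HTTP", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
  "sourceAddressPrefix": "*", "destinationPortRange": "80"},
 {"name": "HTTPS", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
  "sourceAddressPrefix": "*", "destinationPortRange": "443"},
 {"name": "SSH-admin", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
  "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"}
]""")

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}   # wildcard, service tag, CIDR
MGMT_PORTS = {22: "SSH", 3389: "RDP"}         # ports that should not face the internet

def _values(rule, single, plural):
    """A rule holds either one value or a list of values; merge both."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(port_range, port):
    """True if an NSG port spec ('22', '20-25' or '*') includes port."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def open_management_rules(rules):
    """(rule name, port) for inbound Allow rules exposing a management port to any source."""
    findings = []
    for r in rules:
        if r.get("access") != "Allow" or r.get("direction") != "Inbound":
            continue
        if r.get("protocol") not in ("Tcp", "*"):
            continue
        sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        findings += [(r["name"], p) for p in MGMT_PORTS
                     if any(_covers(spec, p) for spec in ports)]
    return findings

if __name__ == "__main__":
    for name, port in open_management_rules(SAMPLE_RULES):
        print(f"{name}: {MGMT_PORTS[port]} ({port}/tcp) is open to any source")
```

On the sample it reports only the SSH rule; the HTTP and HTTPS rules are open by design and the SSH-admin rule is limited to one range.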
Virtual Network Configuration
- Public Subnet: For internet-facing VMs
- Private Subnet: For internal services
- Application Gateway: For load balancing and SSL termination
- VPN Gateway: For hybrid connectivity
Scale Sets
VM Scale Set Configuration
{
"name": "rlc-scale-set",
"sku": {
"name": "Standard_D2s_v3",
"capacity": 3
},
"properties": {
"upgradePolicy": {
"mode": "Rolling"
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "rlc",
"adminUsername": "rlcuser",
"linuxConfiguration": {
"ssh": {
"publicKeys": [
{
"path": "/home/rlcuser/.ssh/authorized_keys",
"keyData": "ssh-rsa AAAAB3NzaC1yc2E..."
}
]
}
}
},
"storageProfile": {
"imageReference": {
"offer": "RLC",
"publisher": "CIQ",
"sku": "rlc-9",
"version": "latest"
}
}
}
}
}
Auto Scaling
# Create autoscale settings
az monitor autoscale create \
--resource-group myResourceGroup \
--resource rlc-scale-set \
--resource-type Microsoft.Compute/virtualMachineScaleSets \
--name rlc-autoscale \
--min-count 2 \
--max-count 10 \
--count 3
# Add scale-out rule
az monitor autoscale rule create \
--resource-group myResourceGroup \
--autoscale-name rlc-autoscale \
--condition "Percentage CPU > 70 avg 5m" \
--scale out 1
Load Balancing
Application Gateway
# Create application gateway
az network application-gateway create \
--resource-group myResourceGroup \
--name rlc-appgw \
--location eastus \
--capacity 2 \
--sku Standard_v2 \
--public-ip-address rlc-pip \
--vnet-name rlc-vnet \
--subnet appgw-subnet \
--servers 10.0.1.4 10.0.1.5
Azure Load Balancer
# Create load balancer
az network lb create \
--resource-group myResourceGroup \
--name rlc-lb \
--sku Standard \
--public-ip-address rlc-lb-pip \
--frontend-ip-name rlc-frontend \
--backend-pool-name rlc-backend
Monitoring
Azure Monitor Integration
# Install the Azure CLI and add the monitor-control-service extension
sudo dnf install azure-cli
az extension add --name monitor-control-service
# Configure Log Analytics workspace
az monitor log-analytics workspace create \
--resource-group myResourceGroup \
--workspace-name rlc-logs \
--location eastus
Custom Metrics
# Send custom metric
az monitor metrics submit \
--resource /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/rlc-vm \
--metric-namespace "RLC/Application" \
--metric-name "CustomMetric" \
--metric-value 123
Backup and Recovery
Azure Backup
# Create Recovery Services vault
az backup vault create \
--resource-group myResourceGroup \
--name rlc-vault \
--location eastus
# Enable backup for VM
az backup protection enable-for-vm \
--resource-group myResourceGroup \
--vault-name rlc-vault \
--vm rlc-vm \
--policy-name DefaultPolicy
Snapshot Management
# Create disk snapshot
az snapshot create \
--resource-group myResourceGroup \
--name rlc-snapshot-$(date +%Y%m%d) \
--source rlc-vm_OsDisk_1
# Create automated snapshot policy
az disk-encryption-set create \
--resource-group myResourceGroup \
--name rlc-snapshot-policy \
--location eastus
Cost Optimization
Reserved Instances
- Purchase Azure Reserved VM Instances for predictable workloads
- Use Azure Hybrid Benefit for cost savings
- Consider Spot VMs for non-critical workloads
Storage Optimization
- Use Premium SSD only where needed
- Implement lifecycle management for blob storage
- Regular cleanup of unused disks and snapshots
Security
Azure Security Center
# Enable Security Center
az security auto-provisioning-setting update \
--name default \
--auto-provision on
# Configure security policies
az policy assignment create \
--name "RLC Security Policy" \
--policy-set-definition "Azure Security Benchmark" \
--scope /subscriptions/{subscription-id}/resourceGroups/myResourceGroup
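Key Vault Integration
# Create Key Vault
az keyvault create \
--resource-group myResourceGroup \
--name rlc-keyvault \
--location eastus \
--enabled-for-disk-encryption true
# Store secrets
# (the value below is a placeholder; a secret typed on the command line is kept
# in shell history, so pass real secrets with --file instead of --value)
az keyvault secret set \
--vault-name rlc-keyvault \
--name "database-password" \
--value "SecurePassword123"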
Troubleshooting
Common Issues
VM Deployment Failures:
# Check deployment status
az deployment group show \
--resource-group myResourceGroup \
--name vm-deployment
# View activity log
az monitor activity-log list \
--resource-group myResourceGroup \
--max-events 50
Connectivity Issues:
# Check network security group rules
az network nsg show \
--resource-group myResourceGroup \
--name rlc-nsg
# Test network connectivity
az network watcher test-connectivity \
--resource-group myResourceGroup \
--source-resource rlc-vm \
--dest-address 8.8.8.8 \
--dest-port 80
Performance Issues:
# Check VM metrics
az monitor metrics list \
--resource /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/rlc-vm \
--metric "Percentage CPU" \
--start-time 2024-01-01T00:00:00Z \
--end-time 2024-01-01T23:59:59Z
Best Practices
Security
- Use Azure Active Directory for authentication
- Enable disk encryption for all storage
- Implement network security groups and application security groups
- Use Azure Security Center recommendations
Performance
- Use Premium SSD for production workloads
- Enable accelerated networking for high-throughput scenarios
- Use proximity placement groups for latency-sensitive applications
Cost Management
- Tag all resources for cost allocation
- Use Azure Cost Management for usage analysis
- Implement auto-shutdown for development environments
- Regular review of unused resources
High Availability
- Deploy across multiple availability zones
- Use managed disks with zone redundancy
- Implement application-level health checks
- Configure automated backup policies
For additional Azure-specific configurations and troubleshooting, see the main RLC documentation.