Upload, create and populate managed disk
Once the uncompressed Access Gateway disk is available, we can create a managed disk and associate the disk image to it.
During this task you will:
Download and uncompress
- At the command line, connect to the new VM using the IP address from the prior task and ssh.
ssh okta@AA.BB.CC.DD. - Use wget to download the latest Access Gateway Microsoft Azure fixed disk image.
For example:
cd /home/okta wget https://download.oag.okta.com/ga/oag_azure.vhd.gz
- Unpack the fixed disk image to a temporary location on the /datadrive.
For example:
sudo mkdir /datadrive/temp sudo cp oag.vhd.gz /datadrive/temp sudo gunzip -v /datadrive/temp/oag_azure.vhd.gz --keep
Depending on the size of the disk and the speed of the VM, it can take anywhere from 60 to 90 minutes to uncompress the disk file.
If you encounter ssh time out issues, consider running the decompress process in the background using nohup and routing the output to a log file.
For example:
nohup sudo nohup gunzip . . . > unzip.log 2>&1 &
Install Microsoft Azure CLI and AZCopy tools
- Change directory to /datadrive/temp.
cd /datadrive/temp - Install Microsoft Azure CLI.
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash -
Installs Azcopy.
sudo wget https://aka.ms/downloadazcopy-v10-linux
sudo tar -xvf downloadazcopy-v10-linux
Create and populate a managed disk
- After installing the Microsoft Azure environment, sign in using:
az login
- Sign in to az copy.
cd /datadrive/temp/azcopy_linux_amd64_10.3.4
sudo ./azcopy login --tenant-id=<tenant id from output of az login> - Sign in or return to the Microsoft Azure command line interface.
az login - Use the az disk create command create a disk large enough to contain the OVA disk file.
az disk create -n <virtual-disk> \ --resource-group < resource-group > --location <"location"> \ --for-upload --upload-size-bytes <size> --sku standard_lrs
Where:
- <virtual-disk> is the name of the virtual disk. It's typically the same as the OVA disk without suffix.
- <resource-group> is the name of the previously created resource group. For example, "AccessGateway".
- <location> is the location of the resource group. For example "eastus".
- <size> is the size of the disk in bytes. For example 236246270464. Note this is the size, in bytes, of the downloaded Access Gateway disk image.
- --sku standard_lrs is a required parameter.
For example:
az disk create -n Okta-AccessGatewayDisk --resource-group AccessGateway \ --location eastus --for-upload --upload-size-bytes 236246270464 \ --sku standard_lrsWhich produces the following results:
{
"creationData": {
"createOption": "Upload",
"imageReference": null,
"sourceResourceId": null,
"sourceUniqueId": null,
"sourceUri": null,
"storageAccountId": null,
"uploadSizeBytes": 20972032
},. . .
"tags": {},
"timeCreated": "2020-04-20T17:51:29.894626+00:00",
"type": "Microsoft.Compute/disks",
"uniqueId": "d1485574-. . . ",
"zones": null
}The file size of the created disk must be an exact match to the file size used when copying up the disk image.
Use a command, such as ls -ln, to determine the file size in bytes. - Use the az disk grant-access command to create a shared access token, which can be used to grant access to the previously created disk.
az disk grant-access -n <virtual-disk> -g <resource-group> --access-level Write \ --duration-in-seconds 86400
Where:- <virtual-disk> is the name of the virtual disk.
- <resource-group> is the name of the previously created resource group.
- --access-level Write is the required write access level.
- --duration-in-seconds 86400 is the lifetime of the shared access token in seconds.
For example:az disk grant-access -n Okta-AccessGatewayDisk --resource-group AccessGateway \ --access-level Write --duration-in-seconds 86400Which produces the following results:
"accessSas": "https://md-. . . VY1SlQ79TOnwoMaVHjaqkmVlU%3D"
- Upload the disk file using the azcopy copy command.
cd /datadrive/temp/azcopy_linux_amd64_10.3.4 sudo ./azcopy copy <path-to-disk> <accessSas> --blob-type PageBlobWhere:- <path-to-disk> is the fully qualified path to the fixed disk previously created.
- <accessSas> is the value from the az disk grant-access command.
For example:
sudo ./azcopy copy /datadrive/temp/oag.vhd "https://md-impexp-t4pdnf22n02h.blob.core.windows.net/p15jhr4gwqhl/abcd?sv=2017-04-17&sr=b&si=b1154122-1458-4f02-a226-1554c66938c0&sig=vGnmhmKMY92r3ecQLlAEXtEHzRCFTsa5rrIxNsQqaZY%3D" -blob-type PageBlobAzcopy uses the AZCOPY_CONCURRENCY_VALUE environment variable to control the upload process.
Setting this variable to AUTO causes Azcopy to attempt to optimize the upload process.
For example:export AZCOPY_CONCURRENCY_VALUE=AUTOsudo nohup sudo ./azcopy copy /datadrive/temp/oag.vhd \ "https://md-. . . VY1SlQ79TOnwoMaVHjaqkmVlU%3D" \ --blob-type PageBlob > /tmp/azcopy.log 2>&1 & - Monitor the copy using a command similar to:
tail -f /tmp/azcopy.log
Which produces the following results:INFO: Scanning...
Job 50d659dd-6174-fe4d-78b1-5f97e305fdee has started
Log file is located at: ~/.azcopy/50d659dd-6174-fe4d-78b1-5f97e305fdee.log
INFO: Trying 4 concurrent connections (initial starting point)
INFO: Trying 16 concurrent connections (seeking optimum)
. . .
INFO: Trying 5 concurrent connections (at optimum)
. . .
Elapsed Time (Minutes): 78.9381
Total Number Of Transfers: 1
Number of Transfers Completed: 1
. . .
Total Bytes Transferred: 236223201792
Final Job Status: Completed - Once copied, use the az disk revoke-access command to revoke the previously granted access.
az disk revoke-access --name "<virtual-disk>" --resource-group "<resource-group>"Where:
- <virtual-disk> is the name of the disk where access was granted.
- <resource-group> is the resource group containing the disk.
For example:
az disk revoke-access --name "Okta-AccessGateway-2020.5.0" --resource-group "AccessGateway"
Which produces the following results:
- Running
Failure to run the az disk revoke-access command results in an error when you attempt to create a VM as the disk will not be available for use.
If you don't run the az disk revoke-access command, the process results in an error when you attempt to create a VM as the disk isn't available for use.