Upload, create and populate managed disk

Once the uncompressed Access Gateway disk is available, we can create a managed disk and associate the disk image to it.

During this task you will:

 

Download and Uncompress

  1. At the command line, connect to the new vm using the IP address from the prior task and ssh.
    ssh okra@AA.BB.CC.DD.
  2. Using wget download the latest Access Gateway Microsoft Azure fixed disk image.

    For example:

    cd /home/okta 
    wget  https://download.oag.okta.com/ga/oag_azure.vhd.gz
  3. Unpack the fixed disk image to a temporary location on the /datadrive.

    For example:

    sudo mkdir /datadrive/temp
    sudo cp oag.vhd.gz /datadrive/temp
    sudo gunzip -v /datadrive/temp/oag_azure.vhd.gz --keep
    
Info

Note

Depending on the size of the disk and the speed of the VM it can take anywhere from 60 to 90 minutes to uncompress the disk file.
If you encounter ssh time out issues consider running the decompress in the background using nohup androuting the output to a log file.
for example:
nohup sudo nohup gunzip . . . > unzip.log 2>&1 &

Install Microsoft Azure CLI and AZCopy tools

  1. Change directory to /datadrive/temp.
    cd /datadrive/temp
  2. Install Microsoft Azure CLI.
    curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
  3. Installs Azcopy.
    sudo wget https://aka.ms/downloadazcopy-v10-linux

    sudo tar -xvf downloadazcopy-v10-linux

Create and Populate a managed disk

  1. After installing the Microsoft Azure environment, login using:

    az login

  2. Login to az copy.

    cd /datadrive/temp/azcopy_linux_amd64_10.3.4
    sudo ./azcopy login --tenant-id=<tenant id from output of az login>

  3. Login or return to the Microsoft Azure command line interface.
    az login
  4. Using the az disk create command create a disk large enough to contain the OVA disk file.
    az disk create -n <virtual-disk> \ 
        --resourcegroup <resource-group> --location <location> 
        --for-upload --upload-size-bytes <size> --sku standard_lrs
    

    Where:

    • <virtual-disk> is the name of the virtual disk - typically the same as the OVA disk without suffix.
    • <resource-group> is the name of the previously created resource group. For example, AccessGateway.
    • <location> is the location of the resource group. For example eastus.
    • <size> is the size of the disk in bytes. For example 236246270464.
    • and

    • --sku standard_lrs is a required parameter

    For example:

    az disk create -n Okta-AccessGateway-2020.5.0 --resource-group AccessGateway \
        --location eastus --for-upload --upload-size-bytes 236246270464 \
        --sku standard_lrs
    

    Which will produce results resembling:

    {
    "creationData": {
    "createOption": "Upload",
    "imageReference": null,
    "sourceResourceId": null,
    "sourceUniqueId": null,
    "sourceUri": null,
    "storageAccountId": null,
    "uploadSizeBytes": 20972032
    },. . .
    "tags": {},
    "timeCreated": "2020-04-20T17:51:29.894626+00:00",
    "type": "Microsoft.Compute/disks",
    "uniqueId": "d1485574-. . . ",
    "zones": null
    }
    Info

    Note

    The file size of the created disk must match exactly the file size used when copying up the disk image.
    Use a command such as ls -ln to determine the file size in bytes.

  5. Using az disk grant-access to create an Shared Access Token which can be used to grant access to the previously created disk.
     az disk grant-access -n <virtual-disk> -g <resource-group> --access-level Write \
                           --duration-in-seconds 86400

    Where:
    • <virtual-disk> is the name of the virtual disk
    • <resource-group> is the name of the previously created resource group.
    • and

    • --access-level Write is the required write access level
    • --duration-in-seconds 86400 in the lifetime of the Shared Access Token in seconds.

    for example:
    az disk grant-access -n Okta-AccessGateway-2020.5.0 --resource-group AccessGateway \ 
             --access-level Write --duration-in-seconds 86400

    Which will produce results resembling:

    "accessSas": "https://md-. . . VY1SlQ79TOnwoMaVHjaqkmVlU%3D"

  6. Upload the disk file using the azcopy copy command.
    cd /datadrive/temp/azcopy_linux_amd64_10.3.4
    sudo ./azcopy copy <path-to-disk> "<accessSas>" --blob-type PageBlob
    Where:
    • <path-to-disk> is the fully qualified path to the fixed disk previously created.
    • <accessSas> is the value from the az disk grant-access command.

    For example:

    sudo ./azcopy copy /datadrive/temp/oag.vhd "https://md-impexp-t4pdnf22n02h.blob.core.windows.net/p15jhr4gwqhl/abcd?sv=2017-04-17&sr=b&si=b1154122-1458-4f02-a226-1554c66938c0&sig=vGnmhmKMY92r3ecQLlAEXtEHzRCFTsa5rrIxNsQqaZY%3D" -blob-type PageBlob

    Info

    Note

    Azcopy uses the AZCOPY_CONCURRENCY_VALUE environment variable to control the upload process.
    Setting this variable to AUTO causes Azcopy to attempt to optimize the upload process.


    For example:
    export AZCOPY_CONCURRENCY_VALUE=AUTO
    sudo nohup sudo ./azcopy copy /datadrive/temp/oag.vhd \ "https://md-. . . VY1SlQ79TOnwoMaVHjaqkmVlU%3D" \ --blob-type PageBlobexample > /tmp/azcopy.log 2>&1 &
  7. Monitor the copy using a command similar to:
    tail -f /tmp/azcopy.log
    Which will produce results similar to:
    INFO: Scanning...
    Job 50d659dd-6174-fe4d-78b1-5f97e305fdee has started
    Log file is located at: ~/.azcopy/50d659dd-6174-fe4d-78b1-5f97e305fdee.log
    INFO: Trying 4 concurrent connections (initial starting point)
    INFO: Trying 16 concurrent connections (seeking optimum)
    . . .
    INFO: Trying 5 concurrent connections (at optimum)
    . . .
    Elapsed Time (Minutes): 78.9381
    Total Number Of Transfers: 1
    Number of Transfers Completed: 1
    . . .
    Total Bytes Transferred: 236223201792
    Final Job Status: Completed
  8. Once copied, using az disk revoke-access revoke the previously granted access using
    az disk revoke-access --name "<virtual-disk>" --resource-group "<resource-group>"
    • <virtual-disk> is the name of the disk where access was granted.
    • <resource-group> is the resource group containing the disk.

    For example:

    az disk revoke-access --name "Okta-AccessGateway-2020.5.0" --resource-group "AccessGateway"

    Which will produce results similar to:

    - Running
    Important Note

    Important

    Failure to run the az disk revoke-access command will result in an error when attempting to create a VM as the disk will not be available for use.

See Also