Integrate Linux & Active Directory using Kerberos, WinBind, Samba

We can integrate Linux & Active Directory using Kerberos, Winbind, Samba. Prerequisites to join an Ubuntu Server to Windows Active Directory,

  1. Your Ubuntu server should be able to reach AD server.
  2. Active Directory Domain administrator account or an account in Active Directory’s ‘Domain Admins’ group or an account, that has sufficient privilege to join your Ubuntu server to Active Directory domain.

Configure Hosts

The first step of Active Directory join is to edit the /etc/hosts file. Set your machine’s IP address and hostname in /etc/hosts file.

vi /etc/hosts

In the hosts file, please enter the below values,

xx.xx.xx.xx mymachine.domain.com

Example :-

vi /etc/hosts

In the hosts file, please enter the below values,

10.0.0.50 mymachine.domain.com

Configure Local Resolver

Next, set up /etc/resolv.conf with your name server entries and search domain entry. Usually the AD server's IP address is also the name server IP, since the DNS role may be installed on the same server.

vi /etc/resolv.conf

In the resolv.conf file, please enter the below values

nameserver xx.xx.xx.xx
nameserver xx.xx.xx.xx
search domain.com

Example :-

vi /etc/resolv.conf

Edit the resolv.conf file and please enter the below values

nameserver 10.0.0.2
nameserver 10.0.0.3
search domain.com

Install the Utilities

Install the required packages,

apt-get -y install winbind sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp

During the Kerberos installation, you will see a pink screen. Just enter your full domain name in CAPITAL LETTERS,

Eg : DOMAIN.COM

select OK by pressing TAB

You may keep it as BLANK and press OK, if you wish to configure Kerberos later.

Configure NTP Settings

The date and time of your Ubuntu server\host must synchronize with Active Directory server. Add your active directory’s ntp hostname in the /etc/ntp.conf file,

vi /etc/ntp.conf
server ntphost1.domain.com
server ntphost2.domain.com

You can also keep it as Ubuntu’s NTP servers, provided your active directory server’s time and Ubuntu NTP server time are in sync.

vi /etc/ntp.conf

In that case, add the below values, instead of above values,

server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org

Now sync the Ubuntu host machine’s date and time with NTP server and then start the NTP service,

If you are using your Active Directory’s NTP service, then execute the below commands,

ntpdate ntphost1.domain.com
ntpdate ntphost2.domain.com
systemctl enable ntp
systemctl start ntp

or

/etc/init.d/ntp restart

or

/etc/rc.d/init.d/ntp restart

Configure Kerberos Settings

Create a file named krb5.conf,

vi /etc/krb5.conf

Enter the below values in the kerberos config file,

[libdefaults]
ticket_lifetime = 600
default_realm = DOMAIN
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
DOMAIN = {
kdc = ip of your ads server
default_domain = DOMAIN
}
[domain_realm]
.domain = DOMAIN
domain = DOMAIN
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

Now, try to get a valid Kerberos ticket for your active directory administrator account,

kinit administrator@DOMAIN.COM

Password for administrator@DOMAIN.COM: <enter password>

klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DOMAIN.COM
Valid starting Expires Service principal
02/11/2017 21:22:27 03/11/2017 07:22:27 krbtgt/DOMAIN.COM@DOMAIN.COM
renew until 02/11/2017 21:22:27
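
An added check, not part of the original article: the [libdefaults] block above pins des3-hmac-sha1 and des-cbc-crc, which belong to the legacy DES/3DES families that MIT Kerberos and RFC 6649 / RFC 8429 deprecate. The function below parses a krb5.conf and lists every legacy enctype it pins; the function names, the pattern and both sample files are constructed for this illustration.

```sh
# Added example: flag legacy Kerberos enctypes pinned in a krb5.conf.
# Function names and sample files are constructed for this illustration.

# Name prefixes treated as legacy: single DES, 3DES (des3-*) and RC4/arcfour,
# the families deprecated by RFC 6649 and RFC 8429.
LEGACY_PATTERN='^(des|rc4|arcfour)'

# audit_krb5_enctypes: reads a krb5.conf on stdin and prints one
# "setting:enctype" line per legacy enctype pinned in [libdefaults], plus
# "allow_weak_crypto:true" if weak crypto is switched on.
# Exit status: 0 = nothing flagged, 1 = at least one finding.
audit_krb5_enctypes() {
    krb5_findings=$(awk -v pat="$LEGACY_PATTERN" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        section != "libdefaults" { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            if (key == "allow_weak_crypto") {
                gsub(/[ \t]/, "", val)
                if (tolower(val) ~ /^(true|yes|on|1)$/) print "allow_weak_crypto:true"
                next
            }
            if (key !~ /^(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)$/) next
            n = split(val, types, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (types[i] != "" && tolower(types[i]) ~ pat)
                    print key ":" types[i]
        }
    ')
    [ -z "$krb5_findings" ] && return 0
    printf '%s\n' "$krb5_findings"
    return 1
}

# Constructed sample 1: the enctype lines exactly as given in the article.
sample_article_conf() {
    cat <<'EOF'
[libdefaults]
ticket_lifetime = 600
default_realm = DOMAIN
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
DOMAIN = {
default_domain = DOMAIN
}
EOF
}

# Constructed sample 2: the same settings restricted to the AES enctypes that
# Active Directory has supported since Windows Server 2008.
sample_aes_conf() {
    cat <<'EOF'
[libdefaults]
default_realm = DOMAIN
# AES only
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
EOF
}

# Demo run over both samples.
if sample_article_conf | audit_krb5_enctypes; then
    echo "article sample: no legacy enctypes"
else
    echo "article sample: legacy enctypes pinned (listed above)"
fi
if sample_aes_conf | audit_krb5_enctypes; then
    echo "AES sample: no legacy enctypes"
fi
```

On a real host, run it as: audit_krb5_enctypes < /etc/krb5.conf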

Configure NSSwitch

To configure the NSSwitch configuration, please edit the file /etc/nsswitch.conf

vi /etc/nsswitch.conf

Now enter the below values into your configuration file.

passwd: compat winbind
shadow: compat
group: compat winbind

Configure SAMBA Service

To configure the SAMBA service in your Ubuntu box, edit the samba configuration file /etc/samba/smb.conf

To edit the file, execute the command,

vi /etc/samba/smb.conf

Replace the DOMAIN with your domain name(without .com) and DOMAIN.COM with your complete domain name.

[global]
workgroup = DOMAIN
password server = hostname of your domain controller server
wins server = IP of wins server
realm = DOMAIN
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = false
# very important, as the default \ character does strange things in unix/linux.
winbind separator = +
# if you have them
allow trusted domains = Yes

Restart the Samba & Winbind

To restart the Samba and Winbind service, you may execute the below commands,

service smb restart
service winbind restart

or

/etc/init.d/smb restart
/etc/init.d/winbind restart

or

/etc/rc.d/init.d/smb restart
/etc/rc.d/init.d/winbind restart

Verify krb5.keytab

To list the content of /etc/krb5.keytab file, please execute the below command,

klist -kt

To show the available kerberos tickets, please execute the command,

klist -c /var/lib/sss/db/ccache_DOMAIN.COM

SUDOER Configuration

To enable a particular AD group to have admin privilege in the Ubuntu box, you need to edit the sudoer configuration. The sudo file is located at /etc/sudoers. The members of AD groups added in sudoers can perform sudo.

To edit the sudoers, please execute,

vi /etc/sudoers
# Members of the admin group may gain root privileges
#%admin ALL=(ALL) ALL
%admin ALL=(ALL) NOPASSWD:ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
## AD Domain Groups and Users
#Adding Domain Admins and it_support as admins
%domain\ admins ALL=(ALL) NOPASSWD:ALL
%it_support ALL=(ALL) NOPASSWD:ALL
#Adding user george as admin
george ALL=(ALL) NOPASSWD:ALL

Configure LightDM

To configure the lightDM, create the lightDM configuration file “/etc/lightdm/lightdm.conf“.

vi /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-hide-users=true
greeter-show-manual-login=true

Once the file is saved, restart the lightDM service by executing the below command,

service lightdm restart

Join the Ubuntu Host to Active Directory Domain

To join the Linux Host to Active Directory Domain, please execute the below command,

net ads join -U DOMAIN+username%password

Verify the AD connectivity

To verify the active directory connectivity, please execute the below commands.

To test the AD join, please execute the below command,

net ads testjoin

If the result is ‘Join is OK‘ , then test the winbind. To test the winbind service, please execute the below commands.

To list the AD users

wbinfo -u <ad user name>

To List the AD groups,

wbinfo -g <ad group name>

If this displays your AD group and user name details, your Linux box is successfully integrated into the AD domain.

getent passwd
getent group
id <ad user name>

Now try a server reboot. Also try to access the server via SSH from another host and perform sudo.

Integrate Ubuntu & Active Directory using Kerberos, Realmd, SSSD

We can integrate Ubuntu & Active Directory using Kerberos, Realmd, SSSD. Prerequisites to join an Ubuntu Server to Windows Active Directory,

  1. Your Ubuntu server should be able to reach AD server.
  2. Active Directory Domain administrator account or an account in Active Directory’s ‘Domain Admins’ group or an account, that has sufficient privilege to join your Ubuntu server to Active Directory domain.

Configure Hosts

The first step of Active Directory join is to edit the /etc/hosts file. Set your machine’s IP address and hostname in /etc/hosts file.

vi /etc/hosts

In the hosts file, please enter the below values,

xx.xx.xx.xx mymachine.domain.com

Example :-

vi /etc/hosts

In the hosts file, please enter the below values,

10.0.0.50 mymachine.domain.com

Configure Local Resolver

Next, set up /etc/resolv.conf with your name server entries and search domain entry. Usually the AD server's IP address is also the name server IP, since the DNS role may be installed on the same server.

vi /etc/resolv.conf

In the resolv.conf file, please enter the below values

nameserver xx.xx.xx.xx
nameserver xx.xx.xx.xx
search domain.com

Example :-

vi /etc/resolv.conf

Edit the resolv.conf file and please enter the below values

nameserver 10.0.0.2
nameserver 10.0.0.3
search domain.com

Install the Utilities

Install the required packages,

apt-get -y install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp

During the Kerberos installation, you will see a pink screen. Just enter your full domain name in CAPITAL LETTERS,

Eg : DOMAIN.COM

select OK by pressing TAB

You may keep it as BLANK and press OK, if you wish to configure Kerberos later.

Configure NTP Settings

The date and time of your Ubuntu server\host must synchronize with Active Directory  server. Add your active directory’s ntp hostname in the /etc/ntp.conf file,

vi /etc/ntp.conf
server ntphost1.domain.com 
server ntphost2.domain.com

You can also keep it as Ubuntu’s NTP servers, provided your active directory server’s time and Ubuntu NTP server time are in sync.


vi /etc/ntp.conf

In that case, add the below values, instead of above values,

server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org

Now sync the Ubuntu host machine’s date and time with NTP server and then start the NTP service,

If you are using your Active Directory’s NTP service, then execute the below commands,

ntpdate ntphost1.domain.com
ntpdate ntphost2.domain.com
systemctl enable ntp
systemctl start ntp

Configure RealMD Settings

Create a file named realmd.conf,

vi /etc/realmd.conf

Enter the below values in the realmd config file,

[users]
default-home = /home/DOMAIN/%U
default-shell = /bin/bash
[active-directory]
default-client = sssd
os-name = Ubuntu Server
os-version = 16.04
[service]
automatic-install = no
[domain.com]
fully-qualified-names = no
automatic-id-mapping = yes
user-principal = yes
manage-system = no

Now, try to get a valid Kerberos ticket for your active directory administrator account,

kinit administrator@DOMAIN.COM

Password for administrator@DOMAIN.COM: <enter password>

klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DOMAIN.COM
Valid starting Expires Service principal
02/11/2017 21:22:27 03/11/2017 07:22:27 krbtgt/DOMAIN.COM@DOMAIN.COM
renew until 02/11/2017 21:22:27

Join the Ubuntu Host to Active Directory Domain

To join the Ubuntu Host to Active Directory Domain, please execute the below command,

realm --verbose join domain.com --user-principal=mymachine/administrator@DOMAIN.COM --unattended

* /usr/sbin/update-rc.d sssd enable
update-rc.d: error: cannot find a LSB script for sssd
* /usr/sbin/service sssd restart
* Successfully enrolled machine in realm

Access Control using REALM

To deny all Active Directory user or group access to your Ubuntu host, please execute the below command,

realm deny --all

Once all the access is denied, now we can permit selected active directory user groups or users. To permit selected user groups, please execute the below command,

realm permit -g 'Domain Admins' 'IT DEPT'

To permit selected users, please execute the below command,

realm permit administrator george

This will permit two users administrator and george.

Configure SSSD Service

Edit the file sssd.conf. If the file is not existing, you may need to create it,

vi /etc/sssd/sssd.conf

Enter the below configuration values in the sssd config file. Replace domain.com & domain with your domain name

[sssd]
domains = domain.com
config_file_version = 2
services = nss, pam
[domain/domain.com]
ad_domain = domain.com
krb5_realm = DOMAIN.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
#fallback_homedir = /home/%d/%u
fallback_homedir = /home/DOMAIN/%u
enumerate = True
access_provider = ad

Now restart the SSSD service by executing the below command,

service sssd restart
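
An added check, not part of the original article: realmd records a `realm permit` allow-list in sssd.conf through the simple access provider (access_provider = simple with simple_allow_users / simple_allow_groups), whereas access_provider = ad without an ad_access_filter admits any valid AD account. The function below reports which of these is in effect for each [domain/...] section; the function names and both sample files are constructed, and the second sample is an assumption of what the `realm permit` commands above would leave behind.

```sh
# Added example: report the effective login policy of each sssd domain.
# Function names and sample files are constructed for this illustration.

# sssd_access_summary: reads sssd.conf on stdin and prints one line per
# [domain/NAME] section:  NAME PROVIDER STATUS
#   allowlist = simple provider with allow entries
#   filtered  = ad provider with an ad_access_filter
#   deny      = deny provider
#   open      = no per-user or per-group restriction in effect
sssd_access_summary() {
    awk '
        function emit() {
            if (dom == "") return
            if (prov == "") prov = "permit"        # sssd default when unset
            if (prov == "simple")
                status = (users != "" || groups != "") ? "allowlist" : "open"
            else if (prov == "ad")
                status = (filter != "") ? "filtered" : "open"
            else if (prov == "deny")
                status = "deny"
            else if (prov == "permit")
                status = "open"
            else
                status = "other"
            print dom, prov, status
        }
        /^[ \t]*[#;]/ { next }                     # comment line
        /^[ \t]*\[/ {                              # section header
            emit()
            dom = ""; prov = ""; users = ""; groups = ""; filter = ""
            name = $0
            sub(/^[ \t]*\[/, "", name)
            sub(/\].*$/, "", name)
            if (name ~ /^domain\//) dom = substr(name, 8)
            next
        }
        dom != "" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "access_provider") prov = tolower(val)
            else if (key == "simple_allow_users") users = val
            else if (key == "simple_allow_groups") groups = val
            else if (key == "ad_access_filter") filter = val
        }
        END { emit() }
    '
}

# sssd_allowlist_enforced: exit status 0 only if no domain is "open".
sssd_allowlist_enforced() {
    ! sssd_access_summary | grep -q ' open$'
}

# Constructed sample 1: the access-related lines of the article's sssd.conf.
sample_article_sssd() {
    cat <<'EOF'
[sssd]
domains = domain.com
config_file_version = 2
services = nss, pam
[domain/domain.com]
ad_domain = domain.com
krb5_realm = DOMAIN.COM
id_provider = ad
#fallback_homedir = /home/%d/%u
access_provider = ad
EOF
}

# Constructed sample 2 (assumption): the domain section after the article's
# two "realm permit" commands.
sample_permit_sssd() {
    cat <<'EOF'
[sssd]
domains = domain.com
services = nss, pam
[domain/domain.com]
id_provider = ad
access_provider = simple
simple_allow_users = administrator, george
simple_allow_groups = Domain Admins, IT DEPT
EOF
}

# Demo run over both samples.
sample_article_sssd | sssd_access_summary
sample_permit_sssd | sssd_access_summary
```

On a real host, run it as root: sssd_access_summary < /etc/sssd/sssd.conf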

Edit PAM.D Configuration

To enable the users to auto create home directory upon a successful login to your ubuntu box, you need to edit the /etc/pam.d/common-session file.

Add the line,

session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

below the line\entry

session optional pam_sss.so

So that, the session config file should look like,

session optional pam_systemd.so 
session required pam_unix.so 
session optional pam_sss.so 
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

Configure SAMBA Service

To configure the SAMBA service in your Ubuntu box, edit the samba configuration file /etc/samba/smb.conf

To edit the file, execute the command,

vi  /etc/samba/smb.conf

Replace the DOMAIN with your domain name(without .com) and DOMAIN.COM with your complete domain name.

[global]
workgroup = DOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = DOMAIN.COM
security = ads

Verify krb5.keytab

To list the content of /etc/krb5.keytab file, please execute the below command,

klist -kt

To show the available kerberos tickets, please execute the command,

klist -c /var/lib/sss/db/ccache_DOMAIN.COM

SUDOER Configuration

To enable a particular AD group to have admin privilege in the Ubuntu box, you need to edit the sudoer configuration. The sudo file is located at /etc/sudoers. The members of AD groups added in sudoers can perform sudo.

To edit the sudoers, please execute,

vi /etc/sudoers
# Members of the admin group may gain root privileges
#%admin ALL=(ALL) ALL
%admin ALL=(ALL) NOPASSWD:ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
## AD Domain Groups and Users
#Adding Domain Admins and it_support as admins
%domain\ admins ALL=(ALL) NOPASSWD:ALL
%it_support ALL=(ALL) NOPASSWD:ALL
#Adding user george as admin
george ALL=(ALL) NOPASSWD:ALL

Configure LightDM

To configure the lightDM, create the lightDM configuration file “/etc/lightdm/lightdm.conf”.

vi /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-hide-users=true
greeter-show-manual-login=true

Once the file is saved, restart the lightDM service by executing the below command,

service lightdm restart

Verify the AD connectivity

To verify the active directory connectivity, please execute the below commands. You will see the AD user and group information.

getent passwd
getent group
id <AD user name>

Now try a server reboot. Also try to access the server via SSH from another host and perform sudo.

Skip interactive post install configuration

To skip interactive post install configuration in linux, you can do it by setting up the DEBIAN_FRONTEND variable to noninteractive. Then use the -y flag in apt-get install command.

Method 1 : Without using sudo. If this does not work, please try with sudo.

export DEBIAN_FRONTEND=noninteractive

apt-get -y install [packagename]

Method 2 : Try with sudo,

sudo DEBIAN_FRONTEND=noninteractive apt-get -y install [packagename]

Example : –

sudo DEBIAN_FRONTEND=noninteractive apt-get -y install krb5-user

Execute command on remote machine as different user via SSH

To execute command on remote machine as different user via SSH, you may need to run the below command

ssh -t user@host sudo -u<other_user_name> sh -c /path/to/script.sh

In our example, we are executing the script.sh as root after login to the server as testuser

ssh -t testuser@162.23.45.67 sudo -uroot sh -c /home/testuser/script.sh

To run a command against a file on the remote machine as a different user, pass the whole remote command as one quoted string, because ssh joins its arguments with spaces and the remote shell parses them a second time,

ssh -t user@host "sudo -u<other_user_name> sh -c 'command /path/to/file'"

For example, to read a file with cat as a different user,

ssh -t user@host "sudo -u<other_user_name> sh -c 'cat /path/to/file'"

If you wish to reboot a remote server as a different user, please execute,

ssh -t testuser@162.23.45.67 sudo -uroot sh -c 'reboot'

To execute multiple commands via SSH, please execute,

ssh user@host << EOF
command1
command2
command3
EOF

Example script below,

ssh testuser@162.23.45.67 << EOF
uname -a
cat /proc/cpuinfo
free -m
EOF
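
An added illustration, not part of the original post: ssh joins its command arguments with spaces and the remote shell parses the result again, so quotes typed locally are gone by the time sh -c runs, and an unquoted << EOF expands $variables on the local machine before anything is sent. The fake_ssh and fake_ssh_stdin functions are local stand-ins for that behaviour (assumptions of this example, no network needed), and shquote is a helper added here.

```sh
# Added example: how ssh command strings are re-parsed on the remote side.
# fake_ssh, fake_ssh_stdin and shquote are names made up for this illustration.

# fake_ssh ARGS...: stand-in for "ssh user@host ARGS...". Like ssh, it joins
# ARGS with single spaces and lets a second shell parse the joined string.
fake_ssh() {
    sh -c "$*"
}

# fake_ssh_stdin: stand-in for "ssh user@host" fed by a here-document.
# WHO=remote marks the environment of the "remote" shell.
fake_ssh_stdin() {
    WHO=remote sh
}

# shquote ARG: wrap ARG in single quotes (escaping embedded ones) so the
# second shell sees it as exactly one word.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# 1) Quotes lost: the second shell sees   sh -c echo one two
#    so sh -c runs "echo" alone and "one two" become $0 and $1.
lost_quotes() {
    fake_ssh sh -c 'echo one two'
}

# 2) Whole remote command passed as one string: the inner quotes survive.
kept_quotes() {
    fake_ssh "sh -c 'echo one two'"
}

# 3) Same result when each argument is quoted for the second shell.
quoted_args() {
    fake_ssh sh -c "$(shquote 'echo one two')"
}

# 4) Unquoted delimiter: $WHO is expanded locally before the script is sent.
heredoc_unquoted() {
    WHO=local
    fake_ssh_stdin <<EOF
echo "$WHO"
EOF
}

# 5) Quoted delimiter: the text is sent as-is and $WHO is expanded remotely.
heredoc_quoted() {
    WHO=local
    fake_ssh_stdin <<'EOF'
echo "$WHO"
EOF
}

# Demo run.
printf 'lost_quotes      -> [%s]\n' "$(lost_quotes)"
printf 'kept_quotes      -> [%s]\n' "$(kept_quotes)"
printf 'quoted_args      -> [%s]\n' "$(quoted_args)"
printf 'heredoc_unquoted -> [%s]\n' "$(heredoc_unquoted)"
printf 'heredoc_quoted   -> [%s]\n' "$(heredoc_quoted)"
```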

 

Persist Azure Linux VM’s hostname

Persist Azure Linux virtual machine’s hostname

To persist Azure Linux virtual machine’s hostname permanently for an Azure Linux Virtual Machine, you need to ensure that, you have an Azure Linux agent installed in this machine. To install WA Linux Agent in your virtual machine, please refer the link http://admindiary.com/install-microsoft-azure-linux-agent-waagent/

Once the WA Linux Agent or WAAGENT is installed in your machine, you may need to modify the WAAGENT configuration to monitor hostname changes and update the network. To save or persist your hostname permanently, edit the file /etc/waagent.conf and modify the below line,

Provisioning.MonitorHostName=y

vi /etc/waagent.conf
Provisioning.MonitorHostName=y

Once done, please proceed to restart the WAAGENT service.

For Ubuntu, please execute the below command,

sudo service walinuxagent restart

For CoreOS, please execute the command,

sudo systemctl restart waagent

If the above steps do not work, you may need to try to install the service by executing the below command,

sudo waagent -install

Now you can change the hostname and it will be updated, both locally and also at the Azure Portal.

You can execute the below command to change your machine’s hostname.

sudo hostname <new hostname>

The command to change the hostname is mentioned in the doc – https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-intro-on-azure?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json#hostnamechanges

Even after executing the above steps, if the hostname change is not persisting, you may need to edit the file /var/lib/waagent/ovf-env.xml and update the hostname.

vi /var/lib/waagent/ovf-env.xml

Then look for the below line and change your hostname.

<HostName>YourHostname</HostName>

Sample File is pasted below ,


1.0
LinuxProvisioningConfiguration
testvm
testuser
true



3543..
/home/testuser/.ssh/authorized_keys



XrVtUmeIc.....



1.0

kms.core.windows.net
true
VMAgentPackage.zip



Create SWAP partition – Azure Linux VM

Create SWAP partition – Azure Linux Virtual Machine

A swap partition created using the standard methods may not persist after a machine reboot on a Linux virtual machine hosted in the Microsoft Azure environment. Microsoft Azure provides the option to create swap space for an Azure Linux Virtual Machine using the /dev/sdb partition and the WAAGENT service. The WAAGENT service is the Azure Linux agent for the Microsoft Azure environment and is present in Azure Linux virtual machines by default. The /dev/sdb partition is a volatile partition (similar to RAM). The data stored in this partition will be lost after each machine reboot. So we can make use of this partition as our swap partition.

To enable the swap in an Azure Linux VM, you need to edit the file that is located at /etc/waagent.conf. Look for the below two lines,

# Create and use swapfile on resource disk.

ResourceDisk.EnableSwap=n

# Size of the swapfile.

ResourceDisk.SwapSizeMB=0

Change the ResourceDisk.EnableSwap=y and ResourceDisk.SwapSizeMB=10240, the value 10240 = 10GB. This will create a /swapfile in the resource disk and persistent system swap space will be created. By default the resource disk in an Azure Virtual Machine will be /mnt/resource(/dev/sdb)

# Create and use swapfile on resource disk.

ResourceDisk.EnableSwap=y

# Size of the swapfile.

ResourceDisk.SwapSizeMB=10240

After the change is made, please unmount /mnt and restart the waagent service.

To unmount /mnt, please execute the below command,

umount /mnt

Once the /mnt is unmounted, please execute the below command to restart the WAAGENT service.

For Ubuntu, please execute the below command,

sudo service walinuxagent restart

For CoreOS, please execute the command,

sudo systemctl restart waagent

For other linux distributions, please execute the command,

sudo service waagent restart

https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-agent-user-guide

 

Extend-Resize Microsoft Linux Azure Data Disk & OS Disk

To extend-resize Microsoft Linux Azure Data Disk & OS Disk, the Powershell method can be used for both Classic and ARM models. By default, the OS disk will be 30 GB for Virtual Machines, which may not be sufficient as more data gets saved to the OS drive.

PLEASE MAKE SURE THAT YOU HAVE A VALID BACKUP AVAILABLE FOR YOUR VIRTUAL MACHINE BEFORE EXECUTING THE BELOW STEPS

Extend Data Disk using Powershell – Classic Mode

To extend a Data disk in an Azure Virtual Machine in Classic Mode, we need to perform the below steps,

  1. Open the Windows Powershell ISE and execute the below script
# Authenticate to Azure Account
 
Add-AzureAccount

# Select Azure Subscription
 
$subscription = (Get-AzureSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure Subscription" `
         -PassThru
 
Select-AzureSubscription -SubscriptionName $subscription -Current

# Now select the Azure Storage Account
 
$storageAccount = (Get-AzureStorageAccount).Label | Out-GridView `
        -Title "Select Azure Storage Account" `
        -PassThru
 
Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccountName $storageAccount

# Select Azure VM
 
$vm = Get-AzureVM | Out-GridView -Title "Select your virtual machine" `
         -PassThru

# Select Data Disk to resize
 
$disk = $vm | Get-AzureDataDisk | Out-GridView `
        -Title "Select the data disk to resize" -PassThru
 
$datadiskName = $disk.DiskName

# Specify new Data Disk size in GB, which should be larger than the current disk size
 
do {

    # Cast to [int] so that -gt compares numbers, not strings
    [int]$size = Read-Host -Prompt "Specify the new size in GB"

}

until ( $size -gt $disk.LogicalDiskSizeInGB )

# Stop and Deallocate VM prior to resizing data disk
 
$vm | Stop-AzureVM -Force

# Resize Data Disk to Larger Size
 
Update-AzureDisk -Label "$datadiskName" -DiskName "$datadiskName" -ResizedSizeInGB $size

# Start your Virtual Machine

$vm | Start-AzureVM

Extend Data Disk using powershell – ARM Mode

To extend a Data disk in an Azure Virtual Machine in ARM Mode, we need to perform the below steps,

  1. Open the Windows Powershell ISE and execute the below script
# Authenticate to Azure Account
 
Login-AzureRmAccount

# Select Azure Subscription

$subscription = (Get-AzureRmSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure RM Subscription" `
         -PassThru
 
Select-AzureRmSubscription -SubscriptionName $subscription -Current

$rgName = 'Enter your Resource Group Name'
$vmName = 'Enter your VM Name'

$vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName

$vm.StorageProfile.DataDisks[0].DiskSizeGB = <Enter your Disk Size in GB>

# Example,  $vm.StorageProfile.DataDisks[0].DiskSizeGB = 1023
# In the above example, Data Disk is the first one and new size is 1023 GB

Update-AzureRmVM -ResourceGroupName $rgName -VM $vm

Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Extend OS Disk using Powershell – Classic Mode

To extend a OS disk in an Azure Classic Mode Virtual Machine, we need to perform the below steps,

Open the Windows Powershell ISE and execute the below script

# Authenticate to Azure Account
 
Add-AzureAccount

# Select Azure Subscription
 
$subscription = (Get-AzureSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure Subscription" `
         -PassThru
 
Select-AzureSubscription -SubscriptionName $subscription -Current

# Now select the Azure Storage Account
 
$storageAccount = (Get-AzureStorageAccount).Label | Out-GridView `
        -Title "Select Azure Storage Account" `
        -PassThru
 
Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccountName $storageAccount

# Get the Azure VM OS Disk Details

Get-AzureVM -ServiceName "<Enter your Cloud Service Name>" -Name "<Enter your Virtual Machine Name>" | Get-AzureOSDisk

# Select Azure VM
 
$vm = Get-AzureVM | Out-GridView -Title "Select your virtual machine" `
         -PassThru

# Select OS Disk to resize
 
$disk = $vm | Get-AzureOSDisk | Out-GridView `
        -Title "Select the OS disk to resize" -PassThru
 
$osdiskName = $disk.DiskName

# Specify new OS Disk size in GB, which should be larger than the current disk size
 
do {

    # Cast to [int] so that -gt compares numbers, not strings
    [int]$size = Read-Host -Prompt "Specify the new size in GB"

}

until ( $size -gt $disk.LogicalDiskSizeInGB )

# Stop and Deallocate VM prior to resizing OS disk
 
$vm | Stop-AzureVM -Force

# Resize OS Disk to a Larger Size
 
Update-AzureDisk -Label "$osdiskName" -DiskName "$osdiskName" -ResizedSizeInGB $size

# Start your Virtual Machine

$vm | Start-AzureVM

Extend OS Disk using Powershell – ARM Mode

To extend a OS disk in an Azure ARM mode Virtual Machine, we need to perform the below steps,

Open the Windows Powershell ISE and execute the below script

# Authenticate to Azure Account
 
Login-AzureRmAccount

# Select Azure Subscription

$subscription = (Get-AzureRmSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure RM Subscription" `
         -PassThru
 
Select-AzureRmSubscription -SubscriptionName $subscription -Current

$rgName = 'Enter your Resource Group Name'
$vmName = 'Enter your VM Name'

$vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName

$vm.StorageProfile.OSDisk.DiskSizeGB = <Enter your Disk Size in GB>

Update-AzureRmVM -ResourceGroupName $rgName -VM $vm

Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Extend the File System Volume Size of Linux VM

Login to your Azure VM using SSH via putty or terminal

By default, in Azure the linux virtual machines will have an OS disk of size 30GB. To resize the OS disk(root drive), please execute the below command

1) Run the command,

sudo fdisk /dev/sda

2) Press the letter ‘u’ to change the units to sectors.

3) Now type the letter ‘p’ to list the partition information. Note the starting sector (e.g. 2048).

4) Now we can proceed with deleting the partition table. From the fdisk window, delete the partition. Press the letter ‘d’ and then select the partition by entering the partition number. By default, it will choose the number 1 (assuming you are modifying the OS drive).

In reality, you are not deleting the DATA, but rather modifying the partition table

5) Now we need to create a new partition. To create a new partition press the letter ‘n’.

6) Type the letter ‘p’ to create a primary partition.

7) Now you enter the partition number. Type 1 to create the first partition (or another partition number, if required). Use the same starting sector from step 3 and enter an end sector value of your wish or just accept the default end sector value to select the entire disk.

8) Type the letter ‘p’ to ensure all settings are correct. It will print the values to screen.

9) To save your changes and write to the disk, press ‘w’.

Note : You may get a warning that says:

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.

Ignore the message, since it is not critical

10) Reboot the virtual machine by typing the command,

reboot

11) Once the VM is up and running, login to your Azure VM using SSH and type “sudo resize2fs /dev/sdaX” to resize the filesystem for CentOS/RHEL 6.x (where X is the partition number you created in step 7). In CentOS/RHEL 7.x the command is “xfs_growfs -d /dev/sdaX”. This may take some time to complete.

12) Verify the new size with df -h

Extend Microsoft Azure Data Disk & OS Disk

To extend Microsoft Azure Data Disk & OS Disk, the Powershell method can be used for both Classic and ARM models. By default, the OS disk will be 30 GB for Virtual Machines, which may not be sufficient as more data gets saved to the OS drive.

Extend Data Disk using Powershell – Classic Mode

To extend a Data disk in an Azure Virtual Machine in Classic Mode, we need to perform the below steps,

  1. Open the Windows Powershell ISE and execute the below script
# Authenticate to Azure Account
 
Add-AzureAccount

# Select Azure Subscription
 
$subscription = (Get-AzureSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure Subscription" `
         -PassThru
 
Select-AzureSubscription -SubscriptionName $subscription -Current

# Now select the Azure Storage Account
 
$storageAccount = (Get-AzureStorageAccount).Label | Out-GridView `
        -Title "Select Azure Storage Account" `
        -PassThru
 
Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccountName $storageAccount

# Select Azure VM
 
$vm = Get-AzureVM | Out-GridView -Title "Select your virtual machine" `
         -PassThru

# Select Data Disk to resize
 
$disk = $vm | Get-AzureDataDisk | Out-GridView `
        -Title "Select the data disk to resize" -PassThru
 
$datadiskName = $disk.DiskName

# Specify new Data Disk size in GB, which should be larger than the current disk size
 
do {

    # Cast to [int] so that -gt compares numbers, not strings
    [int]$size = Read-Host -Prompt "Specify the new size in GB"

}

until ( $size -gt $disk.LogicalDiskSizeInGB )

# Stop and Deallocate VM prior to resizing data disk
 
$vm | Stop-AzureVM -Force

# Resize Data Disk to Larger Size
 
Update-AzureDisk -Label "$datadiskName" -DiskName "$datadiskName" -ResizedSizeInGB $size

# Start your Virtual Machine

$vm | Start-AzureVM

Extend Data Disk using powershell – ARM Mode

To extend a Data disk in an Azure Virtual Machine in ARM Mode, we need to perform the below steps,

  1. Open the Windows Powershell ISE and execute the below script
# Authenticate to Azure Account
 
Login-AzureRmAccount

# Select Azure Subscription

$subscription = (Get-AzureRmSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure RM Subscription" `
         -PassThru
 
Select-AzureRmSubscription -SubscriptionName $subscription -Current

$rgName = 'Enter your Resource Group Name'
$vmName = 'Enter your VM Name'

$vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName

$vm.StorageProfile.DataDisks[0].DiskSizeGB = <Enter your Disk Size in GB>

# Example,  $vm.StorageProfile.DataDisks[0].DiskSizeGB = 1023
# In the above example, Data Disk is the first one and new size is 1023 GB

Update-AzureRmVM -ResourceGroupName $rgName -VM $vm

Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Extend OS Disk using Powershell – Classic Mode

To extend a OS disk in an Azure Classic Mode Virtual Machine, we need to perform the below steps,

Open the Windows Powershell ISE and execute the below script

# Authenticate to Azure Account
 
Add-AzureAccount

# Select Azure Subscription
 
$subscription = (Get-AzureSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure Subscription" `
         -PassThru
 
Select-AzureSubscription -SubscriptionName $subscription -Current

# Now select the Azure Storage Account
 
$storageAccount = (Get-AzureStorageAccount).Label | Out-GridView `
        -Title "Select Azure Storage Account" `
        -PassThru
 
Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccountName $storageAccount

# Get the Azure VM OS Disk Details

Get-AzureVM -ServiceName "<Enter your Cloud Service Name>" -Name "<Enter your Virtual Machine Name>" | Get-AzureOSDisk

# Select Azure VM
 
$vm = Get-AzureVM | Out-GridView -Title "Select your virtual machine" `
         -PassThru

# Select OS Disk to resize
 
$disk = $vm | Get-AzureOSDisk | Out-GridView `
        -Title "Select the OS disk to resize" -PassThru
 
$osdiskName = $disk.DiskName

# Specify new OS Disk size in GB, which should be larger than the current disk size

do {

    # Cast to [int] so the comparison below is numeric rather than string-based
    [int]$size = Read-Host -Prompt "Specify the new size in GB"

}
until ( $size -gt $disk.LogicalDiskSizeInGB )

# Stop and Deallocate VM prior to resizing OS disk
 
$vm | Stop-AzureVM -Force

# Resize OS Disk to a Larger Size
 
Update-AzureDisk -Label "$osdiskName" -DiskName "$osdiskName" -ResizedSizeInGB $size

# Start your Virtual Machine

$vm | Start-AzureVM

Extend OS Disk using Powershell – ARM Mode

To extend an OS disk in an Azure ARM mode Virtual Machine, we need to perform the below steps,

Open the Windows Powershell ISE and execute the below script

# Authenticate to Azure Account
 
Login-AzureRmAccount

# Select Azure Subscription

$subscription = (Get-AzureRmSubscription).SubscriptionName | Out-GridView `
        -Title "Select Azure RM Subscription" `
         -PassThru
 
Select-AzureRmSubscription -SubscriptionName $subscription -Current

$rgName = 'Enter your Resource Group Name'
$vmName = 'Enter your VM Name'

$vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName

$vm.StorageProfile.OSDisk.DiskSizeGB = <Enter your Disk Size in GB>

Update-AzureRmVM -ResourceGroupName $rgName -VM $vm

Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Extend the File System Volume of Extended Data or OS Disk – Windows

Once the data disk is extended, the next step is to extend the file system volume on that data disk. For Windows-based virtual machines, you can do the volume extension from Server Manager -> Tools -> Computer Management -> Disk Management.

Step 1: Open the Server Manager window.

Step 2: Click Tools and then click Computer Management.

The Computer Management window opens. Click the Disk Management menu. It will list all the available volumes.

Select the volume that you wish to extend. Right-click the volume to open the menu. Click the Extend Volume option.

Click the Next button.

Then select the size. Here, we are using a sample volume, so we are extending by 397 MB. After the size is selected, click “Next”.

Now click “Finish” to complete the volume resize.

Now you will see the extended volume under Disk Management.

https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-expand-os-disk

https://blogs.msdn.microsoft.com/cloud_solution_architect/2016/05/24/step-by-step-how-to-resize-a-linux-vm-os-disk-in-azure-arm/

Create Firewall Rule in Google Cloud Platform

A firewall rule is required to access the resources in a network. To create a firewall rule in Google Cloud Platform, log in to your GCP portal. Go to the Networking section of the portal and click “Firewall rules”. On the “Firewall rules” page, click the “CREATE FIREWALL RULE” link.

On the “Create a firewall rule” page, provide a name for your firewall rule. In our case, we are naming it ssh-rdp. Under the description, provide a short text that describes your firewall rule.

Select the network for which you wish to create the firewall rule from the drop-down menu. In the Source Filter drop-down menu, select IP ranges. Then, under Source IP ranges, enter the IP address with its corresponding mask, so that only those IPs will be allowed to access your resources in this network. Under the Allowed protocols and ports section, list the ports to be opened. If you wish to allow TCP port 3389, enter tcp:3389. For UDP port 755, enter udp:755. Click the “Create” button to create the firewall rule.

Once the rule is created, the Firewall rules page will list it.

gshell method to create firewall rule in GCP

The easiest way to create a firewall rule in Google Cloud Platform is to use the gshell. Gshell is fairly easy to use and work with. Use the below command after connecting to the gshell prompt.

gcloud compute --project "<Your GCP project ID>" firewall-rules create "<Provide the firewall name>" --allow <Provide ports with protocols to be allowed> --description "<Description of firewall rule here>" --network "<Provide the network name here>" --source-ranges "<Provide the IP range to be allowed here>"

Example :

gcloud compute --project "composite-drive-123456" firewall-rules create "ssh-rdp" --allow tcp:3389,tcp:22 --description "Allow SSH and RDP Access to front end network" --network "frontend-network" --source-ranges "203.0.113.10/32"
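
A pre-flight check for the --source-ranges value, as an added example that is not part of the original post: it rejects malformed IPv4 CIDRs and ranges broader than a policy limit before the gcloud command is printed. The function names and MIN_PREFIX (default /24) are assumptions for illustration, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: vet a --source-ranges value before creating a firewall rule.
# MIN_PREFIX is an assumed local policy (narrowest acceptable mask), not a GCP setting.
MIN_PREFIX="${MIN_PREFIX:-24}"

# check_source_range CIDR -> 0 acceptable, 1 malformed, 2 valid but too broad
check_source_range() {
    cidr=$1
    case $cidr in
        */*) addr=${cidr%/*}; prefix=${cidr#*/} ;;
        *)   return 1 ;;                      # a bare address has no explicit mask
    esac
    case $prefix in
        ''|*[!0-9]*|???*|0?*) return 1 ;;     # digits only, no leading zero
    esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                              # split into octets (no glob chars left)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ????*|0?*) return 1 ;;            # too long, or ambiguous leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$prefix" -ge "$MIN_PREFIX" ] || return 2
    return 0
}

# vet_rule NAME NETWORK ALLOW RANGE: print the gcloud command only if RANGE passes.
vet_rule() {
    rc=0
    check_source_range "$4" || rc=$?
    case $rc in
        0) printf 'gcloud compute firewall-rules create "%s" --network "%s" --allow %s --source-ranges "%s"\n' \
               "$1" "$2" "$3" "$4" ;;
        1) echo "rejected $1: '$4' is not a valid IPv4 CIDR" >&2 ;;
        2) echo "rejected $1: '$4' is broader than /$MIN_PREFIX" >&2 ;;
    esac
    return $rc
}

# Constructed sample ranges (203.0.113.0/24 is a documentation block).
for r in 203.0.113.10/32 0.0.0.0/0 10.0.0.0/8 300.1.1.1/32 203.0.113.10; do
    vet_rule ssh-rdp frontend-network tcp:22,tcp:3389 "$r" || true
done
```

Only the first sample range produces a command; the others are rejected on stderr with the reason.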


Create network in Google Cloud Platform

To create a network in Google Cloud Platform, first log on to your Google Cloud account.

Go to the Networking section of the portal and click the “Networks” link. It will open a window for creating the network. Click “CREATE NETWORK” to start creating your network.

On the “CREATE NETWORK” page, choose a name for your network. Also provide a description that will help you identify your new network.

You can create the subnets for your network from the same page. Provide a “Name” and “Description” for your subnet. Select the “Region” from the drop-down menu. Next, provide an IP address range for your subnet, including the subnet mask. You can create additional subnets by clicking “+ Add subnetwork”.

Gshell Method to create the Network

Open the gshell window. Once it is “connected”, then enter the below code as shown in the picture. Replace the Then press “Enter” to start the code execution.

gcloud compute --project "<project name>" networks create "<network-name>" --description "<Description of your network>" --mode "custom" && gcloud compute --project "<project name>" networks subnets create "<subnet-name>" --network "<network-name>" --region "<Region-Name>" --range "<IP-Address-Range>"

Sample

gcloud compute --project "composite-drive-123456" networks create "backend-network" --description "Back End Network for Databases" --mode "custom" && gcloud compute --project "composite-drive-123456" networks subnets create "backend-subnet" --network "backend-network" --region "us-central1" --range "10.2.0.0/24"


Once the Network creation is done, it will show an output like the one below.


The next step is to create a firewall rule. Please refer to the below link to create a firewall rule in GCP.

http://admindiary.com/create-firewall-rule-in-google-cloud-platform/