pfSense Gold Subscription

Author Topic: pfSense is now on Azure  (Read 8778 times)

0 Members and 1 Guest are viewing this topic.

Offline Nic Swart

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: pfSense is now on Azure
« Reply #15 on: December 02, 2017, 03:29:23 pm »
Ok, here is the full instructions, set up a Hyper-V Generation 1 instance with VHD ... NOT VHDX drive with two nics, then run this script in the VM:

Code: [Select]
#! /bin/sh

# After installation, log in and choose:
#  14) to enable sshd
#  8) to login shell

pkg upgrade

pkg install -y python27 py27-setuptools bash git sudo
ln -s /usr/local/bin/python2.7 /usr/bin/python

echo 'ifconfig_hn0="SYNCDHCP"' >> /etc/rc.conf
echo 'console="comconsole vidconsole"' >> /boot/loader.conf
#echo 'comconsole_speed="115200"' >> /boot/loader.conf
echo 'kldload udf'  >> /boot/loader.conf
echo 'vfs.mountroot.timeout=300'  >> /boot/loader.conf
curl -O https://<extract this file from the BSD 11.1 image>/udf.ko
mv udf.ko /boot/kernel/

git clone https://github.com/Azure/WALinuxAgent.git
cd WALinuxAgent
git checkout v2.2.14
python setup.py install
ln -sf /usr/local/sbin/waagent /usr/sbin/waagent
ln -sf /usr/local/sbin/waagent2.0 /usr/sbin/waagent2.0
echo '#! /bin/sh' >> /usr/local/etc/rc.d/waagent.sh
echo '/usr/local/sbin/waagent --daemon' >> /usr/local/etc/rc.d/waagent.sh
chmod +x /usr/local/etc/rc.d/waagent.sh
echo "y" |  /usr/local/sbin/waagent -deprovision+user
echo  'waagent_enable="YES"' >> /etc/rc.conf

Then provision the VM like so:

Code: [Select]

$rgName = "RESOURCEGROUP"
$localFile = "C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\pfSense.vhd"
$urlOfUploadedImageVhd = "https://RESOURCEGROUP.blob.core.windows.net/vhds/pfSense-2.4.2.vhd"
$location = "Central US"

# Create the Source Image
Add-AzureRmVhd -Destination $urlOfUploadedImageVhd -LocalFilePath $localFile -ResourceGroupName $rgName
$imageConfig = New-AzureRmImageConfig -Location $location
$imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType 'Linux' -OsState 'Generalized' -BlobUri $urlOfUploadedImageVhd
$imageName = "pfSense-2.4.2"
$sourceimage = New-AzureRmImage -ImageName $imageName -ResourceGroupName $rgName -Image $imageConfig

# Create the VM
$rgName = "RESOURCEGROUP"
$location = "Central US"
$imageName = "pfSense-2.4.2"
$VMName = "pfSense"
$ComputerName = "pfSense"
$OSDiskName = "pfSense-OSDisk"
$VMSize = "Standard_D2S_V3"
$userName = "pfsense"
$publicIPName = "pfSense-PublicIP"
$publicNICNmame = "pfSense-PublicNIC"
$privateNICNmame = "pfSense-PrivateNIC"
$vnetName = "privateVnet"
$sshPublicKey = "PUBIC_KEY"

$sourceimage = Get-AzureRmImage -ResourceGroupName $rgName -ImageName $imageName

# Definer user name and blank password
$securePassword = ConvertTo-SecureString ' ' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($userName, $securePassword)

# Create a public IP address and specify a DNS name
$pip = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Location $location -Name $publicIPName -AllocationMethod Static -IdleTimeoutInMinutes 4

$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
# Create a virtual network cards and associate with public IP address

$subnet_dmz = "/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Network/virtualNetworks/privateVnet/subnets/dmzSubnet"
$IPconfig1 = New-AzureRmNetworkInterfaceIpConfig -Name "IPConfig1" -PrivateIpAddressVersion IPv4 -PrivateIpAddress "10.1.1.50" -Primary -SubnetId $subnet_dmz -PublicIpAddressId $pip.Id
$nic1 = New-AzureRmNetworkInterface -Name $publicNICNmame -ResourceGroupName $rgName -Location $location -IpConfiguration $IPconfig1 -EnableIPForwarding

$subnet_priv = "/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Network/virtualNetworks/privateVnet/subnets/privateSubnet"
$IPconfig2 = New-AzureRmNetworkInterfaceIpConfig -Name "IPConfig2" -PrivateIpAddressVersion IPv4 -PrivateIpAddress "10.1.0.50" -SubnetId $subnet_priv
$nic2 = New-AzureRmNetworkInterface -Name $privateNICNmame -ResourceGroupName $rgName -Location $location -IpConfiguration $IPconfig2 -EnableIPForwarding

# Create the virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize $VMSize |
            Set-AzureRmVMOperatingSystem -Linux -ComputerName $ComputerName -Credential $cred -DisablePasswordAuthentication |
            Set-AzureRmVMSourceImage -Id $sourceimage.Id |
            Set-AzureRmVMOSDisk -Name $OSDiskName -StorageAccountType StandardLRS -DiskSizeInGB 256 -CreateOption FromImage -Caching ReadWrite |
            Add-AzureRmVMSshPublicKey -KeyData $sshPublicKey -Path "/home/$($userName)/.ssh/authorized_keys" |
            Add-AzureRmVMNetworkInterface -Id $nic1.Id -Primary | `
            Add-AzureRmVMNetworkInterface -Id $nic2.Id

# Create the virtual machine
New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

Change the IP addresses to match what you specified when you initially created the VM and the (pre-created) vNet/Subnets.... not for the script kiddies, but if you go through these scripts and fill in the missing info you will get a functional instance on Azure ... ;-)
« Last Edit: December 02, 2017, 03:55:48 pm by Nic Swart »

Offline AlBrough

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: pfSense is now on Azure
« Reply #16 on: December 06, 2017, 08:26:56 pm »

Code: [Select]

curl -O https://<extract this file from the BSD 11.1 image>/udf.ko



 Worked this one out. went to the bsd site, downloaded the boot only iso, found the udf.ko file, added it to my local web server and was able to curl it down... make sure it is lowercase, the file name was all upper and had us troubleshooting
« Last Edit: December 07, 2017, 10:09:15 pm by AlBrough »