Launch Ubuntu images on Azure¶
This documentation is based on the official Azure documentation for creating Linux virtual machines with the Azure CLI.
Prerequisites¶
A Microsoft Azure account
The URN for an Ubuntu image to be launched (see Find Ubuntu images on Azure)
Launch an Ubuntu image¶
To launch an Ubuntu image, you’ll need to create a resource group and a virtual machine using the selected image.
Create a resource group¶
Define variables to set the resource group name and location for deployment:
RESOURCE_GROUP_NAME="ubuntu-vm-rg"
LOCATION="eastus"
Create a resource group using the group create command:
az group create \
-n $RESOURCE_GROUP_NAME \
-l $LOCATION
Create a Virtual Machine¶
Create a virtual machine using the vm create command.
Depending on the type of Ubuntu image selected, additional arguments may be required to correctly launch the image. However, most Ubuntu images can be launched with the default arguments:
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--generate-ssh-keys
If you want to launch images with security features enabled, refer to the following sections.
With Trusted Launch¶
All Ubuntu images from Ubuntu 20.04 LTS (Focal Fossa) forward support Trusted Launch on Hyper-V Gen2 SKUs. Example definitions of Ubuntu image URNs for Hyper-V Gen2 include:
UBUNTU_IMAGE_URN="Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest"
# or
UBUNTU_IMAGE_URN="Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest"
Define the variables to set the security type:
SECURITY_TYPE=TrustedLaunch
Create the virtual machine:
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--security-type $SECURITY_TYPE \
--generate-ssh-keys
With Confidential VM¶
Select one of the two URNs for Ubuntu images which support CVM on Azure:
UBUNTU_IMAGE_URN="Canonical:0001-com-ubuntu-confidential-vm-jammy:22_04-lts-cvm:latest"
# or
UBUNTU_IMAGE_URN="Canonical:0001-com-ubuntu-confidential-vm-focal:20_04-lts-cvm:latest"
Define variables to set the security type and encryption type:
SECURITY_TYPE=ConfidentialVm
OS_ENCRYPTION_TYPE=DiskWithVMGuestState
Select a virtual machine size which supports CVM on Azure. Note that not all regions will contain the selected virtual machine size, and you may need to specify the region if your default region does not have the selected size:
VM_SIZE=Standard_DC2as_v5
# Standard_DC2as_v5 is available in eastus
LOCATION=eastus
Create the virtual machine:
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--security-type $SECURITY_TYPE \
--os-disk-security-encryption-type $OS_ENCRYPTION_TYPE \
--size $VM_SIZE \
--location $LOCATION \
--generate-ssh-keys
With Ubuntu Pro¶
To tackle vulnerabilities related to the guest OS and the internal software stack, you can use Ubuntu Pro by adding UBUNTU_PRO as the license-type of the OS. For instance, create a Confidential VM with Ubuntu Pro using:
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--security-type $SECURITY_TYPE \
--os-disk-security-encryption-type $OS_ENCRYPTION_TYPE \
--size $VM_SIZE \
--location $LOCATION \
--generate-ssh-keys \
--license-type UBUNTU_PRO
For more information on Ubuntu Pro and how to get it, refer to Get Ubuntu Pro on Azure.