docs(firewall): Add troubleshooting section, if both external and ser…

…ver-side firewall are configured. Add Azure recovery instructions.

docs/develop/update/firewall.rst

@@ -285,3 +285,21 @@ The ``firewall.sh`` script rewrites all iptables rules. However, Docker needs to
    .. code-block:: bash
 
       systemctl restart docker
+
+Troubleshoot
+~~~~~~~~~~~~
+
+If you configure an external firewall without resetting the server-side firewall, you cannot connect to the server. Either:
+
+Recovery
+  -  :ref:`Recover the server<recover-server>`
+  -  Run ``/home/sysadmin-tools/bin/firewall_reset.sh`` as the ``root`` user
+Firewall
+  -  Open port 8255 in the external firewall
+  -  :doc:`Connect to the server<../../use/ssh>` as the ``root`` user
+  -  Run ``/home/sysadmin-tools/bin/firewall_reset.sh``
+  -  Close port 8255 in the external firewall
+
+.. note::
+
+   On Azure, instead of the ``root`` user, use the ``ocpadmin`` user, and run commands with ``sudo``.

docs/maintain/hosting.rst

@@ -145,3 +145,17 @@ If a server becomes inaccessible, including via SSH, log into the hosting provid
          .. tab-item:: KVM Console
 
             Hetzner technicians attach a remote console (`KVM Console <https://docs.hetzner.com/robot/dedicated-server/maintainance/kvm-console/>`__) to a dedicated server. This option is slow to set up, but might be required if the issue is with the network, firewall or SSH configuration.
+
+   .. tab-item:: Azure
+
+      #. `Log into Azure <https://portal.azure.com>`__
+      #. Click the *Virtual machines* icon
+      #. Select the server you want to access
+      #. Click the *Connect* menu item
+      #. Expand the *More ways to connect* detail
+      #. Click the *Go to serial console* button
+      #. Login as ``ocpadmin``, using the password from OCP's `LastPass <https://www.lastpass.com>`__ account
+
+      .. seealso::
+
+         `Azure Serial Console <https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview>`__