Azure Arc Linux Agent for Hybrid Machine Management

The Azure Arc Linux Agent is a game-changer for hybrid machine management. It allows you to manage your Linux servers from a single pane of glass, just like you would with Azure native resources.

With Azure Arc, you can manage your Linux servers from anywhere, at any time, as long as you have an internet connection. This is made possible by the Azure Arc Linux Agent, which enables seamless communication between your Linux servers and the Azure cloud.

The Azure Arc Linux Agent supports a wide range of Linux distributions, including Ubuntu, CentOS, and RHEL. This means you can manage your diverse Linux estate from a single platform, without worrying about compatibility issues.

By using the Azure Arc Linux Agent, you can streamline your hybrid machine management tasks, such as monitoring, patching, and securing your Linux servers. This can save you a significant amount of time and effort, allowing you to focus on more strategic initiatives.

For more insights, see: Management Group Hierarchy Azure

The installation process for the Azure Arc Linux agent is relatively straightforward. You can download the agent package from Microsoft's package repository, which is available in the preferred package format for your Linux distribution (.rpm or .deb).

To install the agent, you'll need to run a shell script bundle, such as Install_linux_azcmagent.sh, which will install and configure the agent. This script creates several installation folders, including /opt/azcmagent/, /opt/GC_Ext/, and /var/opt/azcmagent/.

The agent installation also creates several daemons, including the Hybrid Instance Metadata Service (IMDS) and the Guest Configuration (policy) service. You can find the log files for these services in various locations, such as /var/opt/azcmagent/log/ and /var/lib/GuestConfig/.

For another approach, see: How to Install Azure Monitor Agent

To install the Azure Connected Machine Agent, you'll need to download the agent package, which can be found on the Microsoft Download Center for Windows or in the Microsoft package repository for Linux. The agent package is available in the preferred package format for your distribution, whether that's RPM or DEB.

For Linux, the shell script bundle Install_linux_azcmagent.sh installs and configures the agent. This script is hosted in the Microsoft package repository and can be downloaded or copied from the Azure portal.

The installation process for the Azure Connected Machine Agent involves three main steps: downloading the agent, installing it, and registering the Azure Arc enabled server with Microsoft Azure. You can find more details on how to connect the Azure Arc enabled servers Connected Machine agent for Windows or Linux on Microsoft Docs.

If you're using Linux, you can expect the installation to create several system-wide configuration changes, including the creation of installation folders, daemons, and log files. For example, the installation will create the /opt/azcmagent/ directory and the himdsd.service daemon.

To manually upgrade the agent, you can use the Setup Wizard, which can be downloaded from https://aka.ms/AzureConnectedMachineAgent. This will automatically upgrade any previous version of the agent.

Here are the system-wide configuration changes you can expect during the installation of the Azure Connected Machine Agent on Linux:

To enable auto provisioning for the Log Analytics agent on Azure Arc devices, navigate to Defender for Cloud and go to environment settings. Press the subscription used during Azure Arc configuration.

You'll then need to go to Auto provisioning and enable the Log Analytics agent for Azure Arc Machines extension, which is currently in preview. This extension is required for Azure Arc machines.

For the preview, you can't select the default workspaces created by Defender for Cloud, but you can configure another Log Analytics workspace by enabling the extension and clicking edit configuration. Select the desired Log Analytics workspace in the configuration.

In the Auto provisioning view, click "Show in inventory" to view all resources missing the extension.

For more insights, see: Azure App Configuration Unique Keys

You can install the Azure Arc Linux agent using the preferred package format for your distribution, such as .rpm or .deb, which is hosted in the Microsoft package repository. This package provides the Connected Machine agent for Linux.

The shell script bundle Install_linux_azcmagent.sh installs and configures the agent, and you don't need to reinstall, upgrade, or remove the agent after a server restart.

To install the agent, you can use the following system-wide configuration changes, which include creating several directories such as /opt/azcmagent/, /opt/GC_Ext/, and /var/opt/azcmagent/.

The agent installation also creates several daemons, including the Hybrid Instance Metadata service (IMDS) daemon, the Guest Configuration (policy) daemon, and the Extension Service daemon.

For troubleshooting, you can check the log files located in /var/opt/azcmagent/log/ and /var/lib/GuestConfig/.

The agent installation also sets several environment variables, including IDENTITY_ENDPOINT and IMDS_ENDPOINT.

If you need to install a specific version of the agent, you can use the package manager to search for available versions and install the desired one.

Here are the general steps to install a specific version of the agent:

For example, to install version 1.28 using apt, you would use the command: sudo apt install azcmagent=1.28.02260.736

Similarly, to install version 1.28 using yum, you would use the command: sudo yum install azcmagent-1.28.02260-755

And to install version 1.28 using zypper, you would use the command: sudo zypper install -f azcmagent-1.28.02260-755

Broaden your view: Azure Function Change Runtime Version

To install the Linux agent, you can use the command `bash ~/Install_linux_azcmagent.sh` on a target machine that can directly communicate with Azure. Alternatively, if your target machine communicates through a proxy server, you'll need to specify the proxy URL and port using the `--proxy` option.

You'll need root access permissions or an account with elevated rights using Sudo to upgrade the agent on a Linux machine. To update the local package index, run the command `sudo apt update` on an Ubuntu machine.

Here are the steps to upgrade the agent on Ubuntu:

Note that actions of the apt command, such as installation and removal of packages, are logged in the `/var/log/dpkg.log` log file.

If you're working with SUSE Enterprise, you'll need to update the local package index to get the latest changes from the repositories. This can be done with the command `sudo zypper refresh`.

To upgrade the agent on SUSE Linux Enterprise, you'll need to run the command `sudo zypper update azcmagent`. This command will upgrade your system and the agent.

Additional reading: Azure App Registration vs Enterprise Application

The zypper command logs its actions, such as installation and removal of packages, in the `/var/log/zypper.log` log file. This can be helpful for troubleshooting or auditing purposes.

You can install the Linux agent on a SUSE Enterprise machine by running the command `bash ~/Install_linux_azcmagent.sh`. If you're behind a proxy server, you'll need to specify the proxy URL and port with the `--proxy` option.

To upgrade the agent on Ubuntu, you'll need to update the local package index first. This is done by running the command `sudo apt update`. This command ensures that your system has access to the latest changes made in the repositories.

The next step is to upgrade your system, which can be achieved by running the command `sudo apt upgrade azcmagent`. This command upgrades the agent to the latest version.

The actions of the apt command, such as installation and removal of packages, are logged in the `/var/log/dpkg.log` log file. This log file provides a record of all the changes made to your system.

For your interest: Azure File Sync Agent

Managing the Azure Arc Linux agent requires some effort, but you can use the Azcmagent tool to connect and disconnect it, and even get additional information about the agent.

You can run the Azcmagent tool with the "show" command to get details about the installed version, Azure information, and more. This will also provide you with troubleshooting information like the path to the log file and an overview of the agent components.

To check the agent version of the connected machine agent, you can use Azure Resource Graph. This allows you to do it at scale, which is super helpful when managing multiple agents.

Worth a look: Azure Key Vault Secret Version

To access the Azure Connected Machine Agent from the command line, you'll need to sign on to the computer with an account that has administrative rights.

You can download the latest agent installer from https://aka.ms/AzureConnectedMachineAgent.

To upgrade the agent silently and create a setup log file, you'll need to run the following command: msiexec.exe /i AzureConnectedMachineAgent.msi /qn /l*v "C:\Support\Logs\azcmagentupgradesetup.log"

Here are the steps to upgrade from the command line in a concise format:

You can configure the Azure Connected Machine agent to communicate through a proxy server using the azcmagent config command or system environment variables. Note that the agent communicates outbound using the HTTP protocol.

If a proxy server is specified in both the agent configuration and system environment variables, the agent configuration will take precedence and become the effective setting. Use azcmagent show to view the effective proxy configuration for the agent.

Azure Arc-enabled servers doesn't support using Log Analytics gateway as a proxy for the Connected Machine agent.

You can configure the agent to communicate through a proxy server by running the command azcmagent config set proxy.url "http://ProxyServerFQDN:port". You can use an IP address or simple hostname in place of the FQDN if your network requires it.

If your proxy server runs on port 80, you may omit ":80" at the end. To check if a proxy server URL is configured in the agent settings, run the command azcmagent config show proxy.url.

For more insights, see: Windows Server 2022 Azure Edition

To stop the agent from communicating through a proxy server, run the command azcmagent config delete proxy.url. You do not need to restart any services when reconfiguring the proxy settings with the azcmagent config command.

If your proxy server requires Basic proxy authentication, specify the proxy URL as "http://ProxyServerFQDN:port?username=ProxyUsername&password=ProxyPassword". The proxy URL including password is stored unencrypted in the agent configuration file.

To set the proxy server environment variable, run the commands export http_proxy="http://ProxyServerFQDN:port" and export https_proxy="http://ProxyServerFQDN:port".

Worth a look: Azure Ad Password Protection Dc Agent

Renaming a server resource in Azure Arc-enabled servers requires some careful steps to ensure a smooth transition.

First, you need to remove the VM extensions installed on the machine. You can do this using the Azure portal, the Azure CLI, or Azure PowerShell.

Before renaming the machine, it's essential to disconnect it from Azure Arc. You can use the azcmagent tool with the Disconnect parameter to do this.

Disconnecting the machine from Azure Arc doesn't remove the Connected Machine agent, so you don't need to remove it as part of this process.

If this caught your attention, see: Azure Arc Agent

To reconnect the machine to Azure Arc with a new name, use the azcmagent tool with the Connect parameter. You can choose your own resource name by passing the --resource-name parameter to the connect command.

Here's a step-by-step guide to renaming a server resource:

Managing the Azure Arc Connected Machine agent is a crucial part of Connected Machine Management. You can use the Azcmagent tool to connect and disconnect the agent, and it also provides additional information such as the installed version and Azure information.

The Azcmagent tool allows you to run the utility with the “show” command to get additional information. You can also use it to troubleshoot issues such as path to the log file and an overview of the state of the different agent components.

To manage the Azure Arc Connected Machine agent, you can check out the Microsoft Docs article for more information. You can also use Azure Resource Graph to check the agent version of the connected machine agent at scale.

Broaden your view: How to Check the Azure Subscription

Renaming an Azure Arc-enabled server resource requires some steps. First, you need to remove the VM extensions before proceeding. You can do this using the Azure portal, the Azure CLI, or Azure PowerShell.

Here are the steps to rename an Azure Arc-enabled server resource:

1. Audit the VM extensions installed on the machine and note their configuration using the Azure CLI or Azure PowerShell.

2. Remove any VM extensions installed on the machine.

3. Disconnect the machine from Azure Arc using the azcmagent tool with the Disconnect parameter.

4. Delete the machine resource from Azure.

5. Re-register the Connected Machine agent with Azure Arc-enabled servers using the azcmagent tool with the Connect parameter.

6. Redeploy the VM extensions that were originally deployed to the machine from Azure Arc-enabled servers.

Disconnecting the agent deletes the corresponding Azure resource for the server and clears the local state of the agent. You can disconnect the agent by running the azcmagent disconnect command as an administrator on the server.

The agent currently supports the following operating systems:

Uninstalling the Azure Connected Machine agent is a straightforward process that requires root access permissions or an account with elevated rights using sudo.

To uninstall the agent on Ubuntu, simply run the command `sudo apt purge azcmagent` in the terminal.

For other Linux operating systems, the command is different. On RHEL, Oracle Linux, and Amazon Linux, you'll need to run `sudo yum remove azcmagent`.

If you're using SLES, you'll use the command `sudo zypper remove azcmagent` to uninstall the agent.

It's worth noting that uninstalling the agent doesn't require a restart of your server, making it a quick and painless process.

Explore further: Uninstall Azure Arc