Azure VM Extensions offer a convenient way to extend the functionality of your virtual machines, but did you know there are several ways to deploy them?
You can deploy an extension while the VM is being created or afterwards, through the Azure portal, Azure Resource Manager (ARM) templates, the Azure CLI, or Azure PowerShell.
Popular extensions include Custom Script, which runs a script of your choice inside the VM, and the Azure Monitor agent, which collects performance and log data from it.
Azure Portal and CLI
To add an extension to an existing VM in the Azure portal, open the VM, select Extensions + Applications, pick the extension from the list and follow the wizard.
From the Azure CLI, run `az vm extension set`, naming the extension (and its publisher) and the VM to apply it to.
`az vm extension list` shows the extensions currently attached to a VM, with each one's publisher, type, handler version and provisioning state.
Network Access
Extensions are downloaded from Azure Storage and post their status back to it, so network access is essential for them to work. With a supported version of the Azure VM Agent you don't need to allow outbound access to Azure Storage in the VM's region: the agent redirects that traffic to the Azure fabric controller through the HostGAPlugin, over the privileged channel on the private IP address 168.63.129.16 (the "wire server"). On an unsupported agent version, the VM needs outbound access to Azure Storage in its region.
If the guest firewall or a proxy blocks 168.63.129.16, extensions fail, even on a supported agent version and even if you have configured outbound access. Ports 80, 443 and 32526 are required.
Beyond that baseline, requirements differ per extension, because each extension is an application in its own right.
For example, if an extension needs to download a script from GitHub or read from Azure Storage, you must open the corresponding outbound rules in the firewall or network security group (NSG).
For Azure Storage, use the Storage service tag in an NSG rule rather than maintaining IP ranges by hand.
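An in-guest check for the prerequisite above, added here as an example (it is not code from the page or from Microsoft's tooling): it probes the wire server on the two ports the agent uses and asks it which protocol versions it speaks, deliberately bypassing any proxy the environment configures. The path `/?comp=versions` is the wire server's version query; the local self-test uses loopback sockets only, so it runs anywhere.

```python
import socket
import urllib.request

WIRESERVER_IP = "168.63.129.16"   # Azure wire server / HostGAPlugin address
WIRESERVER_PORTS = (80, 32526)    # agent channel and HostGAPlugin port


def probe_ports(host, ports, timeout=2.0):
    """Plain TCP connect to each port; returns {port: reachable}. A guest
    firewall or proxy that blocks these makes every extension fail, whatever
    the NSG allows."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


def wireserver_versions(host=WIRESERVER_IP, timeout=2.0):
    """GET http://<wireserver>/?comp=versions, the agent's own first request.
    ProxyHandler({}) ignores HTTP_PROXY/http_proxy: agent traffic to
    168.63.129.16 must go direct, which is exactly what a system-wide proxy
    setting breaks."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://{host}/?comp=versions", timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def local_selftest():
    """Offline check of probe_ports against one listening and one closed
    loopback port; returns (True, False) when the probe logic is sound."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens on this port now
    try:
        res = probe_ports("127.0.0.1", (open_port, closed_port), timeout=1.0)
        return res[open_port], res[closed_port]
    finally:
        listener.close()


if __name__ == "__main__":
    for port, ok in probe_ports(WIRESERVER_IP, WIRESERVER_PORTS).items():
        print(f"{WIRESERVER_IP}:{port} {'reachable' if ok else 'BLOCKED'}")
    try:
        status, body = wireserver_versions()
        print(f"wire server answered HTTP {status}: {body[:120]!r}")
    except OSError as exc:
        print("wire server request failed:", exc)
```

Run it inside the VM as any user; a BLOCKED line or a failed versions request on a VM whose extensions are stuck in a transitioning state points at the guest firewall or proxy rather than at the extension itself.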
Portal
The Extensions + Applications blade is also where you install individual first- and third-party extensions: select Add, choose the extension, and supply its settings in the wizard. The Microsoft Antimalware extension (for Windows VMs) and the Custom Script extension for Linux are both installed this way.
The portal submits the same extension resource (publisher, type, version and settings) that the CLI or an ARM template would, so the network and permission considerations in the rest of this article apply regardless of which tool you use.
View Status
You can view the status of a VM extension in the Azure portal or using the Azure CLI.
After an extension has run against a VM, use `az vm get-instance-view` to return the extension status, or Get-AzVM with the -Status switch parameter.
In the Azure portal, select the VM, then Extensions + Applications, and then the extension you are interested in.
In the Get-AzVM -Status output, the extension's Statuses entry tells you whether the platform provisioned and ran the handler, while the Substatuses carry what the script itself produced: Substatuses[0] holds its standard output and Substatuses[1] its standard error. A provisioning state of Succeeded therefore only means the extension was delivered and executed; a script that failed inside the VM shows up in Substatuses[1], so read the substatuses (or the handler's log files on the VM) before trusting the result.
Azure CLI Commands
The Azure CLI manages VM extensions through the `az vm extension` command group:
- `az vm extension set`: adds an extension to a VM, or updates the settings of one already attached.
- `az vm extension list`: lists the extensions attached to a VM.
- `az vm extension show`: shows a single extension attached to a VM.
- `az vm extension delete`: removes an extension from a VM.
- `az vm extension wait`: blocks the CLI until a condition on an extension is met (for example `--created`), which is useful in scripts that must not continue before a handler has finished.
Use Cases and Samples
Every extension is a specific tool for a specific job; the Azure Monitor agent and VM insights monitor a VM, the Chef and Datadog extensions hook a VM into those platforms, the DSC extension applies PowerShell Desired State Configuration, and the Custom Script extension exists for both Windows and Linux. Common use cases:
- Apply PowerShell Desired State Configuration (DSC) to a Windows VM with the DSC extension.
- Configure monitoring of a VM with the Azure Monitor agent and VM insights.
- Configure a VM with Chef.
- Configure monitoring of your Azure infrastructure with the Datadog extension.
- Configure monitoring of a VM with the Microsoft Monitoring Agent extension (the legacy Log Analytics agent, since retired in favour of the Azure Monitor agent; use that for new deployments).
These extensions are useful wherever a deployment needs configuration beyond what native Azure tooling provides. The Custom Script Extension runs any PowerShell script on a Windows VM or any Bash script on a Linux VM; it runs as SYSTEM or root, so whoever can set it on a VM controls that VM.
Az List
`az vm extension list` shows the extensions attached to a VM, including each one's publisher, type, handler version, provisioning state and whether autoUpgradeMinorVersion is set. The output never contains protectedSettings: the platform does not return them, so a listing only shows what was put in the public settings.
To remove an extension, use `az vm extension delete`, or Remove-AzVMExtension in PowerShell; the latter prompts for confirmation unless you add the -Force switch parameter. In the portal, select the extension and then Uninstall.
If you need to rerun an extension (for example a Custom Script whose script you changed), you can delete it and set it again with the execution method of your choice, or pass `--force-update` to `az vm extension set`, which changes the forceUpdateTag so the handler reruns even though the settings are unchanged.
To check whether an extension on a VM has autoUpgradeMinorVersion enabled, run `az vm extension show` for that extension (or `az vm show`, whose `resources` array embeds the VM's extensions), passing the resource group and VM name, and look for `"autoUpgradeMinorVersion": true` in the output.
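A review pass over `az vm extension list -o json` output, added here as an example (not code from the page or from Microsoft): it flags extensions that did not provision, extensions with autoUpgradeMinorVersion off, and secret-looking material sitting in the public settings, where anyone with read access to the VM resource can see it. The JSON sample is constructed; field names follow current az output, where the extension type appears as typePropertiesType and protectedSettings is always null.

```python
import json
import re

# Constructed sample shaped like `az vm extension list -g <rg> --vm-name <vm> -o json`.
# Values are made up; protectedSettings is null because the API never returns it.
SAMPLE_AZ_OUTPUT = json.dumps([
    {
        "name": "CustomScript",
        "publisher": "Microsoft.Azure.Extensions",
        "typePropertiesType": "CustomScript",
        "typeHandlerVersion": "2.1",
        "autoUpgradeMinorVersion": True,
        "provisioningState": "Succeeded",
        "settings": {
            "fileUris": ["https://example.invalid/bootstrap.sh"],
            "commandToExecute": "bash bootstrap.sh --db-password Hunter2",
            "storageAccountKey": "c29tZS1zdG9yYWdlLWtleQ==",
        },
        "protectedSettings": None,
    },
    {
        "name": "dynatrace",
        "publisher": "dynatrace.ruxit",
        "typePropertiesType": "oneAgentLinux",
        "typeHandlerVersion": "2.0",
        "autoUpgradeMinorVersion": False,
        "provisioningState": "Failed",
        "settings": {"tenantId": "abc12345", "server": "https://abc12345.live.dynatrace.com/api"},
        "protectedSettings": None,
    },
])

# Setting keys, or values, that point at credentials placed in public settings.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|token|credential|key)", re.I)
SECRET_VALUE_RE = re.compile(r"(password|passwd|token|secret)\S*[=\s]", re.I)


def audit_extensions(az_json):
    """Return (extension name, finding kind, message) triples for anything a
    reviewer would raise: failed provisioning, minor-version auto-upgrade off,
    and secret-looking material in plaintext settings."""
    findings = []
    for ext in json.loads(az_json):
        ext_type = ext.get("typePropertiesType") or ext.get("type")
        label = f"{ext['name']} ({ext.get('publisher')}/{ext_type} {ext.get('typeHandlerVersion')})"
        state = ext.get("provisioningState")
        if state != "Succeeded":
            findings.append((ext["name"], "provisioning", f"{label}: provisioningState={state}"))
        if not ext.get("autoUpgradeMinorVersion", False):
            findings.append((ext["name"], "autoUpgradeMinorVersion",
                             f"{label}: minor-version auto-upgrade is off; publisher fixes will not arrive"))
        for key, value in (ext.get("settings") or {}).items():
            if SECRET_KEY_RE.search(key) or (isinstance(value, str) and SECRET_VALUE_RE.search(value)):
                findings.append((ext["name"], "plaintext-secret",
                                 f"{label}: settings.{key} looks like secret material; "
                                 "it is readable by anyone who can read the VM, move it to --protected-settings"))
    return findings


if __name__ == "__main__":
    for _, kind, message in audit_extensions(SAMPLE_AZ_OUTPUT):
        print(f"[{kind}] {message}")
```

Feed it real output with `az vm extension list -g <rg> --vm-name <vm> -o json | python3 audit.py` (after replacing the sample with `sys.stdin.read()`). Because protectedSettings never come back from the API, the check can only tell you what is exposed, not what is protected.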
Azure CLI Parameters
You run an extension against an existing VM with `az vm extension set`. It needs the extension's `--name` (the extension type, for example CustomScript), its `--publisher` (for example Microsoft.Azure.Extensions) and the target VM, given either as `--resource-group` plus `--vm-name` or as one or more complete resource IDs through `--ids`. The extension instance is named after the extension by default; `--extension-instance-name` overrides that, and `--version` pins a handler version.
`--settings` takes the extension's public settings as a JSON string or as a path to a JSON file. `--protected-settings` takes the same shape for anything sensitive: credentials, storage keys, or a command line with secrets embedded in it. Protected settings are encrypted, decrypted only inside the VM and never returned by the API, whereas public settings are readable by anyone who can read the VM resource, so put secrets only in the protected set.
`--debug` raises CLI logging to full debug output, including the HTTP exchange with the management API; treat that output as sensitive.
To find out which publisher and type an attached extension has, use `az vm extension list` or `az vm extension show`.
Dynatrace OneAgent
Dynatrace OneAgent is distributed as a VM extension (publisher dynatrace.ruxit) that you can install from the Azure portal, the Azure CLI, PowerShell, or an ARM template.
The ARM route lets you make the Dynatrace extension part of the templates that create your VMs, so the agent is present as soon as the VM is.
To do so, you describe the extension as a JSON resource in the template. Where you place that resource determines the values its name and type must have.
Here are the possible placements for the JSON file:
- Nested inside the virtual machine resource.
- At the root or top level of a resource manager JSON template.
Install Dynatrace OneAgent via ARM Template
When you install OneAgent from an ARM template, the placement of the extension resource in the template dictates its name and type, and a mismatch fails template validation.
The extension can sit inside the virtual machine resource or at the root (top level) of the template.
When nested, the extension goes into the VM's "resources": [] array and uses the short child form of name and type.
Here are some key considerations for nesting the OneAgent extension resource:
- The resource name is "dynatrace" and the type is "extensions" with an apiVersion of "2018-06-01".
- The location is set to the resource group's location.
- The dependsOn property references the parent virtual machine.
- The publisher is "dynatrace.ruxit" and the typeHandlerVersion is set to the extension version.
- The autoUpgradeMinorVersion is set to true.
- The settings include the tenantId, token, server, enableLogAnalytics, and hostGroup.
Alternatively, place the extension at the root of the template. The name must then include the parent VM, "<vmName>/dynatrace", and the type is the fully qualified "Microsoft.Compute/virtualMachines/extensions"; the dependsOn, properties and settings stay the same as in the nested form.
ARM checks that the number of segments in name and type fits the placement, so a top-level resource with the short name, or a nested one with the full type, is rejected before anything is deployed.
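Both placements generated side by side, as an added example (not Dynatrace's or Microsoft's own code): the function emits the extension resource with the name/type pair that matches where it will sit, and the skeleton template shows it either inside the VM's `resources` array or at the top level. The settings values are placeholders; the extension type name (`oneAgentLinux` / `oneAgentWindows`) is not stated on this page and is assumed from Dynatrace's documentation.

```python
# Constructed sample settings using the keys the page lists; values are placeholders.
SAMPLE_SETTINGS = {
    "tenantId": "abc12345",
    "token": "dt0c01.REDACTED",
    "server": "https://abc12345.live.dynatrace.com/api",
    "enableLogAnalytics": "yes",
    "hostGroup": "web-tier",
}


def oneagent_extension(vm_name, nested, type_handler_version="2.0",
                       settings=SAMPLE_SETTINGS, extension_type="oneAgentLinux"):
    """Dynatrace OneAgent extension resource for an ARM template.
    nested=True  -> lives in the VM's "resources": [] array: short name, short type.
    nested=False -> top-level resource: name carries the parent VM, type is full.
    extension_type is assumed (oneAgentLinux / oneAgentWindows), not from this page."""
    return {
        "type": "extensions" if nested else "Microsoft.Compute/virtualMachines/extensions",
        "name": "dynatrace" if nested else f"{vm_name}/dynatrace",
        "apiVersion": "2018-06-01",
        "location": "[resourceGroup().location]",
        "dependsOn": [f"[resourceId('Microsoft.Compute/virtualMachines', '{vm_name}')]"],
        "properties": {
            "publisher": "dynatrace.ruxit",
            "type": extension_type,
            "typeHandlerVersion": type_handler_version,
            "autoUpgradeMinorVersion": True,
            # ARM encrypts only protectedSettings. The token sits in settings here
            # because that is where this page puts it; check the extension's own
            # documentation before assuming it will read a protected copy instead.
            "settings": dict(settings),
        },
    }


def build_template(vm_name, nested):
    """Minimal template skeleton showing both placements. The VM's own
    properties are left empty; a real template fills them in."""
    vm = {
        "type": "Microsoft.Compute/virtualMachines",
        "apiVersion": "2018-06-01",
        "name": vm_name,
        "location": "[resourceGroup().location]",
        "properties": {},
        "resources": [],
    }
    template = {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [vm],
    }
    ext = oneagent_extension(vm_name, nested)
    if nested:
        vm["resources"].append(ext)      # child of the VM
    else:
        template["resources"].append(ext)  # sibling of the VM
    return template


def placement_is_valid(resource, nested):
    """ARM's segment rule: nested children have as many name segments as type
    segments; top-level resources have one type segment more than name segments
    (the provider namespace)."""
    name_segs = resource["name"].count("/") + 1
    type_segs = resource["type"].count("/") + 1
    return name_segs == type_segs if nested else type_segs == name_segs + 1


if __name__ == "__main__":
    import json
    print(json.dumps(build_template("vm01", nested=False), indent=2))
```

Swap `nested=False` for `nested=True` in the usage line to emit the other form; `placement_is_valid` reproduces the check ARM applies at validation time so a template can be linted before submission.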
Agents Are Updated
Understanding how the agent is updated matters for managing your Azure VMs. On Windows, the Azure VM Agent contains only the extension-handling code; the Windows provisioning code is a separate component.
The extension-handling code communicates with the Azure fabric and performs extension operations: install, status reporting, per-extension upgrade and removal. Agent updates carry security fixes, bug fixes and enhancements to that code. Automatic agent updates are enabled by default and cannot be disabled.
The agent's automatic update mechanism is shared with extensions: when a new agent version is available, it is installed on the VM only after the next change to an extension or to the VM model.
Here are the specific changes that trigger an update:
- Data disks
- Extensions
- Extension Tags
- Boot diagnostics container
- Guest OS secrets
- VM size
- Network profile
Publishers roll updates out to regions at different times, so VMs in different regions can run different agent versions at the same time. Check the agent version across your fleet regularly rather than assuming parity.
The Linux VM Agent ships the Provisioning Agent code and the extension-handling code in one package. They cannot be separated, which is why you cannot disable the Provisioning Agent when you provision on Azure with cloud-init.
The agent runs as a parent process and a child process. The parent is the version installed by the distribution package and is not updated automatically (only through the package manager); the child, which handles extensions, is. If an update of the child fails, the parent rolls the child back to the previous version.
Linux Agent and Custom Scripts
The Linux Agent (waagent) manages the interactions between the VM and the Azure fabric controller, including running VM extensions.
It is preinstalled on Azure Marketplace images, which makes it convenient when you deploy from those sources, and it can also be installed manually on supported operating systems.
The agent runs on many distributions, but the extension framework supports a narrower set, and an individual extension may support fewer still. If an extension reports error code 51 ("Unsupported OS"), check that extension's documentation for the operating systems it supports.
Linux Agent
Here are the key features of the Linux Agent:
- Communicates with the Azure fabric.
- Handles VM extension operations, such as installations, reporting status, updating individual extensions, and removing extensions.
The extension-handling code also upgrades the individual extensions; agent updates themselves carry security fixes, bug fixes and enhancements to that code.
When the Linux Agent is installed, a parent daemon starts and spawns a child process that handles extensions. When an agent update is available, the parent downloads it, stops the child, upgrades it and restarts it.
To see what is running, use `waagent --version`: the output shows the parent (package-deployed) version and, labelled as the goal state agent, the auto-updated version. Keep automatic update enabled (AutoUpdate.Enabled=y in /etc/waagent.conf) so the agent receives bug and security fixes.
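A check of those two facts together, added here as an example (not part of the page or of the WALinuxAgent project): it parses the shape of `waagent --version` output and reads AutoUpdate.Enabled from waagent.conf, then reports whether auto-update is on and whether a newer goal state agent is actually running. The version output and configuration text below are constructed samples in the documented format.

```python
import re

# Constructed samples in the shape of `waagent --version` and /etc/waagent.conf.
SAMPLE_VERSION_OUTPUT = """\
WALinuxAgent-2.2.45 running on ubuntu 18.04
Python: 3.6.9
Goal state agent: 2.2.54
"""

SAMPLE_CONF_ENABLED = """\
# Enable or disable self-update of the extension-handling child process
AutoUpdate.Enabled=y
ResourceDisk.Format=y
"""

SAMPLE_CONF_DISABLED = """\
AutoUpdate.Enabled=n   # constructed: someone turned this off
"""

PACKAGE_RE = re.compile(r"^WALinuxAgent-(\d+(?:\.\d+)+) running on (.+)$", re.M)
GOAL_STATE_RE = re.compile(r"^Goal state agent:\s*(\d+(?:\.\d+)+)", re.M)


def version_tuple(v):
    """'2.2.54' -> (2, 2, 54) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def parse_waagent_version(output):
    """Split `waagent --version` into the parent/package version (what the distro
    installed) and the goal state agent version (what auto-update is running)."""
    pkg = PACKAGE_RE.search(output)
    goal = GOAL_STATE_RE.search(output)
    if not pkg:
        raise ValueError("unrecognised waagent --version output")
    return {
        "package": pkg.group(1),
        "distro": pkg.group(2).strip(),
        "goal_state": goal.group(1) if goal else None,
    }


def autoupdate_enabled(conf_text):
    """Read AutoUpdate.Enabled from waagent.conf; the agent treats a missing
    key as enabled."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("AutoUpdate.Enabled"):
            return line.split("=", 1)[1].strip().lower() in ("y", "yes", "true")
    return True


def assess_agent(version_output, conf_text):
    """Combine both sources into one verdict with a list of issues to act on."""
    info = parse_waagent_version(version_output)
    info["autoupdate_enabled"] = autoupdate_enabled(conf_text)
    goal = info["goal_state"]
    # A goal state version ahead of the package version is the normal sign that
    # auto-update has delivered a newer extension-handling child.
    info["auto_updated"] = bool(goal) and version_tuple(goal) > version_tuple(info["package"])
    info["issues"] = []
    if not info["autoupdate_enabled"]:
        info["issues"].append("AutoUpdate.Enabled is off: fixes to extension handling will not arrive")
    elif not info["auto_updated"]:
        info["issues"].append("no newer goal state agent is running yet: either the package is "
                              "already current or the agent cannot reach 168.63.129.16")
    return info


if __name__ == "__main__":
    for conf in (SAMPLE_CONF_ENABLED, SAMPLE_CONF_DISABLED):
        print(assess_agent(SAMPLE_VERSION_OUTPUT, conf))
```

On a real host, replace the samples with `subprocess.run(["waagent", "--version"], capture_output=True, text=True).stdout` and the contents of /etc/waagent.conf.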
Run Custom Script
VM extensions are small applications that provide post-deployment configuration and automation on Azure VMs; the Custom Script extension is the one that runs a script you supply.
Because it executes arbitrary code as SYSTEM on Windows or root on Linux, it is used for software installation, agent rollout and antivirus deployment, and for recovery tasks. For the same reason, the permission to set extensions on a VM (the Microsoft.Compute/virtualMachines/extensions/write action) is equivalent to administrative access to that VM and should be granted as carefully.
You can bundle the extension into an ARM template so a VM is deployed and configured with no post-deployment intervention, or run it against an existing VM to change its configuration or recover connectivity.
Either way the script's standard output and standard error are returned in the extension's substatuses and written to the handler's log directory on the VM, which is where to look when a run does not do what you expected.
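The `az vm extension set` invocation for a Custom Script run, built the way the CLI parameters section and this section describe, as an added example (not code from the page or from the Azure CLI project): fileUris goes in the public settings, while commandToExecute and any storage key go in the protected settings, and --force-update is the switch that reruns the script without deleting the extension. Resource names and URLs are placeholders.

```python
import json
import shlex

# Publisher / name pairs for the Custom Script extension on each OS family.
CUSTOM_SCRIPT = {
    "linux": ("Microsoft.Azure.Extensions", "CustomScript"),
    "windows": ("Microsoft.Compute", "CustomScriptExtension"),
}


def custom_script_settings(file_uris, command, storage_account=None, storage_key=None):
    """Split Custom Script configuration into public and protected settings.
    fileUris alone is public. commandToExecute carries arguments (often
    credentials) and a storage key is a credential outright, so both go in
    protectedSettings, which Azure encrypts, decrypts only inside the VM and
    never returns from the API."""
    settings = {"fileUris": list(file_uris)}
    protected = {"commandToExecute": command}
    if storage_account and storage_key:
        protected["storageAccountName"] = storage_account
        protected["storageAccountKey"] = storage_key
    return settings, protected


def az_extension_set_argv(resource_group, vm_name, os_family, settings, protected,
                          force_update=False):
    """argv for `az vm extension set`. --force-update changes the forceUpdateTag
    so the handler reruns even when the settings are unchanged, the alternative
    to deleting and re-adding the extension."""
    publisher, name = CUSTOM_SCRIPT[os_family]
    argv = ["az", "vm", "extension", "set",
            "--resource-group", resource_group,
            "--vm-name", vm_name,
            "--publisher", publisher,
            "--name", name,
            "--settings", json.dumps(settings),
            "--protected-settings", json.dumps(protected)]
    if force_update:
        argv.append("--force-update")
    return argv


def render(argv):
    """Shell-quoted one-liner. Printing it puts the protected settings in the
    terminal and shell history; for a real run, write them to a mode-0600 JSON
    file and pass its path to --protected-settings instead."""
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    # Constructed example values; nothing here is sent to Azure.
    s, p = custom_script_settings(
        ["https://example.invalid/bootstrap.sh"],
        "bash bootstrap.sh --db-password Hunter2",
        storage_account="examplestorage", storage_key="REDACTED")
    print(render(az_extension_set_argv("rg-demo", "vm01", "linux", s, p, force_update=True)))
```

If the same value is placed in both settings and protected settings the handler rejects the configuration, which is why the builder keeps commandToExecute in one place only.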
Frequently Asked Questions
What is the difference between VM extension and agent in Azure?
The Azure VM Agent is the in-guest service that makes extensions possible: it talks to the Azure fabric, downloads extension handlers, runs them and reports their status. VM extensions are the individual handlers that do the actual work, such as installing software or resetting a password.
Sources
- https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows
- https://cloud.hacktricks.xyz/pentesting-cloud/azure-security/az-services/vms
- https://docs.dynatrace.com/docs/setup-and-configuration/microsoft-azure-services/azure-integrations/azure-vm
- https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/features-linux
- https://learn.microsoft.com/en-us/cli/azure/vm/extension