azure_arm_template_linux.md

File metadata and controls

149 lines (90 loc) · 7.44 KB

Onboard an Azure Linux Server VM with Azure Arc

The following README will guide you on how to automatically onboard an Azure Ubuntu VM onto Azure Arc using an Azure ARM template. The provided ARM template is responsible for creating the Azure resources as well as executing the Azure Arc onboarding script on the VM.

Azure VMs use the Azure Instance Metadata Service (IMDS) by default. Projecting an Azure VM as an Azure Arc enabled server creates a "conflict": while IMDS is in use, the Azure VM and the Azure Arc server cannot be represented as a single resource, and the Azure Arc server will instead continue to "act" as a native Azure VM.

However, for demo purposes only, the guide below lets you onboard Azure VMs to Azure Arc and, by doing so, simulate a server that is deployed outside of Azure (i.e. "on-premises" or in another cloud platform).

Note: It is not expected for an Azure VM to be projected as an Azure Arc enabled server. The below scenario is unsupported and should ONLY be used for demo and testing purposes.

Prerequisites

  • Clone this repo

    git clone https://github.com/microsoft/azure_arc.git
    
  • Install or update Azure CLI. Azure CLI should be running version 2.7 or later. Use az --version to check your current installed version.

  • In case you don't already have one, you can Create a free Azure account.

  • Create Azure Service Principal (SP)

    To deploy the Azure resources using the ARM template, an Azure Service Principal assigned the "Contributor" role is required. To create it, log in to your Azure account and run the command below (this can also be done in Azure Cloud Shell).

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor

    For example:

    az ad sp create-for-rbac -n "http://AzureArcServers" --role contributor

    Output should look like this:

    {
      "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "displayName": "AzureArcServers",
      "name": "http://AzureArcServers",
      "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }

    [!NOTE] It is optional, but highly recommended, to scope the SP to a specific Azure subscription and Resource Group.

  • Azure Arc enabled servers use the Microsoft.HybridCompute resource provider (RP). Register the RP using the command below.

    az provider register --namespace 'Microsoft.HybridCompute'

Automation Flow

To get familiar with the automation and deployment flow, below is an explanation.

  1. The user edits the ARM template parameters file (a one-time edit). These parameter values are used throughout the deployment.

  2. The ARM template includes an Azure VM Custom Script Extension which deploys the install_arc_agent.sh shell script.

  3. To allow the Azure VM to be successfully projected as an Azure Arc enabled server, the script will:

    1. Set local OS environment variables

    2. Generate a ~/.bash_profile file that is executed at the user's first login to configure the environment. This profile will:

      • Stop and disable the "Linux Azure Guest Agent" service

      • Enable the OS firewall, and create a new firewall rule to block Azure IMDS outbound traffic to the remote address 169.254.169.254

      • Install the Azure Arc Connected Machine agent

      • Remove the ~/.bash_profile file so it will not run after first login

  4. The user SSHes to the Linux VM, which starts the ~/.bash_profile script execution and onboards the VM to Azure Arc

    [!NOTE] The install_arc_agent.sh shell script enables the OS firewall and sets up new rules for incoming and outgoing connections. By default all incoming and outgoing traffic is allowed, except Azure IMDS outbound traffic to the remote address 169.254.169.254, which is blocked.
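The first-login sequence described above (steps 3.2 and 4), as an added example that is not the repository's install_arc_agent.sh. It assumes an Ubuntu VM whose guest agent unit is walinuxagent, ufw as the OS firewall, the public https://aka.ms/azcmagent installer, and that the deployment supplies the service principal and target values in ARC_* environment variables; the pre-flight checks are there so the connect step never runs with the IMDS block missing or parameters absent.

```shell
#!/bin/sh
# Added example (not the repository's install_arc_agent.sh): the first-login steps from the
# "Automation Flow" section, with pre-flight checks. Assumptions not taken from the page: the
# Ubuntu guest agent unit is "walinuxagent", the OS firewall is ufw, the agent installer is the
# public https://aka.ms/azcmagent script, and connection values arrive in ARC_* variables.
set -eu

IMDS_IP="169.254.169.254"

# Check that `ufw status` output (passed as text; assumed "To  Action  From" layout) has an outbound DENY rule for IMDS.
imds_block_rule_present() {
  printf '%s\n' "$1" | grep -Eq '^169\.254\.169\.254[[:space:]]+DENY OUT[[:space:]]'
}

# Refuse to run `azcmagent connect` with an incomplete set of parameters.
check_connect_vars() {
  missing=""
  for v in ARC_SUBSCRIPTION_ID ARC_RESOURCE_GROUP ARC_TENANT_ID ARC_LOCATION ARC_SP_APPID ARC_SP_SECRET; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || missing="$missing $v"
  done
  [ -z "$missing" ] || { echo "missing connect parameters:$missing" >&2; return 1; }
}

onboard_to_arc() {
  check_connect_vars
  # Stop and disable the Linux Azure Guest Agent so the VM no longer identifies itself via IMDS.
  sudo systemctl stop walinuxagent
  sudo systemctl disable walinuxagent
  # Enable the OS firewall with the README's defaults (allow all), then block outbound IMDS traffic.
  sudo ufw --force enable
  sudo ufw default allow incoming
  sudo ufw default allow outgoing
  sudo ufw deny out from any to "$IMDS_IP"
  imds_block_rule_present "$(sudo ufw status)" || { echo "IMDS block rule not active" >&2; return 1; }
  # Install the Azure Arc Connected Machine agent and connect it with the service principal.
  wget -q https://aka.ms/azcmagent -O "$HOME/install_linux_azcmagent.sh"
  sudo bash "$HOME/install_linux_azcmagent.sh"
  sudo azcmagent connect \
    --service-principal-id "$ARC_SP_APPID" --service-principal-secret "$ARC_SP_SECRET" \
    --resource-group "$ARC_RESOURCE_GROUP" --tenant-id "$ARC_TENANT_ID" \
    --location "$ARC_LOCATION" --subscription-id "$ARC_SUBSCRIPTION_ID"
  # Remove the one-shot profile so it does not run again at the next login.
  rm -f "$HOME/.bash_profile"
}

# Sourcing the file only defines the functions; the full sequence runs with "--run".
[ "${1:-}" != "--run" ] || onboard_to_arc
```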

Deployment

As mentioned, this deployment will use ARM templates. You will deploy a single template, responsible for creating all the Azure resources in a single Resource Group as well as onboarding the created VM to Azure Arc.

  • Before deploying the ARM template, log in to Azure using the Azure CLI with the az login command.

  • The deployment is using the ARM template parameters file. Before initiating the deployment, edit the azuredeploy.parameters.json file located in your local cloned repository folder. An example parameters file is located here.

  • To deploy the ARM template, navigate to the local cloned deployment folder and run the below command:

    az group create --name <Name of the Azure Resource Group> --location <Azure Region> --tags "Project=jumpstart_azure_arc_servers"
    az deployment group create \
    --resource-group <Name of the Azure Resource Group> \
    --name <The name of this deployment> \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/master/azure_arc_servers_jumpstart/azure/linux/arm_template/azuredeploy.json \
    --parameters <The *azuredeploy.parameters.json* parameters file location>

    [!NOTE] Make sure that you are using the same Azure Resource Group name as the one you've just used in the azuredeploy.parameters.json file.

    For example:

    az group create --name Arc-Servers-Linux-Demo --location "westeurope" --tags "Project=jumpstart_azure_arc_servers"
    az deployment group create \
    --resource-group Arc-Servers-Linux-Demo \
    --name arclinuxdemo \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/master/azure_arc_servers_jumpstart/azure/linux/arm_template/azuredeploy.json \
    --parameters azuredeploy.parameters.json

  • Once the Azure resources have been provisioned, you will be able to see them in the Azure portal.

Linux Login & Post Deployment

  • Now that the Linux VM has been deployed, it is time to log in to it. Using its public IP, SSH to the VM.

  • At first login, as mentioned in the "Automation Flow" section, a logon script will get executed. This script was created as part of the automated deployment process.

    Let the script run its course and do not close the SSH session; it will be closed for you once the script completes.

  • Upon successful run, a new Azure Arc enabled server will be added to the Resource Group.

Cleanup

To delete the entire deployment, simply delete the Resource Group from the Azure portal.