Scale Onboarding for Linux
Onboarding multiple Linux servers with a service principal, then connecting with the azcmagent.
For the Linux VMs we will use the portal to generate a script that can then be run on multiple servers.
This is a good fit for Linux VMs, as on-prem Linux admins will usually have their own preferred tooling for remote execution of scripts on multiple hosts. It could be simple scripted sftp and ssh commands, or something more industrial such as Ansible, Chef, Puppet, Salt etc.
Handing the generated script and the service principal credentials to others for execution is acceptable here. The service principal holds only a very limited RBAC role (the built-in onboarding role) that can create Azure Arc-enabled server resources and nothing more.
The secret is still a credential, though: keep it out of source control and shared drives, give it a short expiry, and rotate or delete it once onboarding is complete.
This lab will emulate that script handover as it is closer to the workflow you would see in a professional services engagement.
If you are working as a team then ensure that the script generation and execution are done by different people.
Your role is to create a working script for the linux admins to use.
Provide a generated script that can be executed on multiple servers
Ensure the script uses the service principal that was created in the last lab
Include the following tags:
| Tag | Value |
|---|---|
| platform | VMware vSphere |
| cluster | POC |
If you are using a non-Azure platform for your on prem VMs then feel free to change the tag values.
💡 Hint: the generated script will need a little work. Copy it into VS Code, Notepad++ or another editor, make the changes (service principal details, tags) and clean it up.
Onboard the linux VMs
As a Linux admin, you will run the provided script on each of the VMs.
On each on-prem Linux server:
- Create a local script called arc.sh
- Run the arc.sh script as root, e.g. `sudo sh arc.sh`
If you have used the default variables with the terraform repo then you will be using the Bastion service to connect:
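Below is an added worked example of what a cleaned-up arc.sh can look like once the hint above has been applied. It is not the portal-generated script and not Azure Citadel's own code: the subscription, tenant, location and service principal ids are placeholder assumptions to replace with the values from your generated script, the `Agent Status : Connected` line it greps for is the assumed output format of `azcmagent show`, and the proxy handling (the installer's `--proxy` flag, the `https_proxy` variable and `azcmagent config set proxy.url`) is there for the proxy question later in this lab. The secret is read from the `ARC_SP_SECRET` environment variable rather than being embedded in the file, the required platform and cluster tags are built with `build_tags`, and a host that is already connected is skipped so the script can be re-run safely.

```shell
#!/bin/sh
# arc.sh -- onboard this Linux host to Azure Arc with a service principal.
# Added example for this lab, not the portal-generated script. The subscription,
# tenant, location and service principal ids below are placeholder assumptions;
# copy the real values from your generated script.
set -eu

SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"   # assumption
TENANT_ID="00000000-0000-0000-0000-000000000000"         # assumption
RESOURCE_GROUP="poc_pilot"                               # lab resource group
LOCATION="westeurope"                                    # assumption
SP_CLIENT_ID="00000000-0000-0000-0000-000000000000"      # assumption
CLOUD="AzureCloud"
# The secret is deliberately not embedded: supply it at run time, e.g.
#   sudo ARC_SP_SECRET='...' sh arc.sh
# Optional proxy for hosts without direct internet access:
#   sudo ARC_SP_SECRET='...' ARC_PROXY_URL='http://proxy.example:3128' sh arc.sh
PROXY_URL="${ARC_PROXY_URL:-}"

# azcmagent takes tags as a comma-separated key=value list.
build_tags() {
  printf 'platform=%s,cluster=%s' "$1" "$2"
}

require_root() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root: sudo sh arc.sh" >&2; return 1; }
}

require_secret() {
  [ -n "${ARC_SP_SECRET:-}" ] || { echo "ARC_SP_SECRET is not set" >&2; return 1; }
}

# True when the agent is installed and reports itself connected. The
# "Agent Status : Connected" line is the assumed format of `azcmagent show`.
already_connected() {
  command -v azcmagent >/dev/null 2>&1 || return 1
  azcmagent show 2>/dev/null | grep -Eq 'Agent Status[^:]*:[[:space:]]*Connected'
}

install_agent() {
  # Microsoft's installer; https_proxy (exported in main) covers the download
  # and the installer's --proxy flag (assumed from the docs) covers the agent.
  wget https://aka.ms/azcmagent -O /tmp/install_linux_azcmagent.sh
  if [ -n "$PROXY_URL" ]; then
    bash /tmp/install_linux_azcmagent.sh --proxy "$PROXY_URL"
  else
    bash /tmp/install_linux_azcmagent.sh
  fi
}

connect() {
  azcmagent connect \
    --service-principal-id "$SP_CLIENT_ID" \
    --service-principal-secret "$ARC_SP_SECRET" \
    --resource-group "$RESOURCE_GROUP" \
    --tenant-id "$TENANT_ID" \
    --location "$LOCATION" \
    --subscription-id "$SUBSCRIPTION_ID" \
    --cloud "$CLOUD" \
    --tags "$(build_tags 'VMware vSphere' 'POC')"
}

main() {
  require_root
  require_secret
  if already_connected; then
    echo "azcmagent already connected, nothing to do"
    return 0
  fi
  if [ -n "$PROXY_URL" ]; then
    export https_proxy="$PROXY_URL"
  fi
  command -v azcmagent >/dev/null 2>&1 || install_agent
  if [ -n "$PROXY_URL" ]; then
    # persist the proxy for the agent's own traffic after onboarding
    azcmagent config set proxy.url "$PROXY_URL"
  fi
  connect
}

# Run only when invoked as arc.sh, so the functions can be sourced for testing.
case "${0##*/}" in arc.sh) main ;; esac
```

Because `--service-principal-secret` is passed on the command line it is briefly visible in the process list, exactly as in the generated script; on a shared jump host, prefer running it from the admin's session rather than a long-lived wrapper. A host with no internet connectivity at all cannot run this as-is and needs Azure Private Link, which is outside this example.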
Simple Resource Graph query
One of the benefits of onboarding on-prem VMs to Azure is that they appear in the same management plane as your native resources, so organisation and reporting work the same way. The Kusto queries in Resource Graph Explorer are great for reporting across multiple subscriptions and resource groups.
Create and save a simple Resource Graph query that lists the connected machines
Hint: Look at the properties blade for an Azure Arc-enabled Server to find the provider type and then search the resources in the Resource Graph Explorer.
Refined Resource Graph use (optional)
This is a stretch target.
- Customise the previous query to only show the following fields
Save the query
Add to a workbook and save to the poc_pilot resource group
Hint: Check out the Kusto Query Language’s project operator
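As an added example (not part of the lab or Azure Citadel's own code), the two Resource Graph queries below cover the basic report and the refined one, wrapped in a shell script so they can be run with the Azure CLI as well as pasted into Resource Graph Explorer or a workbook query tile. It assumes the Azure CLI is logged in and the `resource-graph` extension is installed; the `poc_pilot` resource group name comes from this lab, while the `properties.*` fields used are the standard ones on `microsoft.hybridcompute/machines` and the `platform` and `cluster` tags are the ones set during onboarding.

```shell
#!/bin/sh
# arc_query.sh -- Resource Graph queries for Arc-enabled servers, via Azure CLI.
# Added example for this lab. Assumes the Azure CLI is logged in and the
# resource-graph extension is installed (az extension add --name resource-graph).
set -eu

# Arc-enabled servers are the microsoft.hybridcompute/machines resource type,
# which is what the Properties blade of a connected machine reports.
# $1 (optional) restricts the result to one resource group, e.g. poc_pilot.
arc_machines_kql() {
  filter=""
  if [ -n "${1:-}" ]; then filter="| where resourceGroup =~ '$1'"; fi
  printf '%s\n' \
    'resources' \
    '| where type =~ "microsoft.hybridcompute/machines"' \
    "$filter" \
    '| extend status = tostring(properties.status), osName = tostring(properties.osName), agentVersion = tostring(properties.agentVersion)' \
    '| extend platform = tostring(tags.platform), cluster = tostring(tags.cluster)' \
    '| project name, resourceGroup, location, status, osName, agentVersion, platform, cluster' \
    '| order by name asc' \
  | sed '/^$/d'   # drop the blank line left when no filter is set
}

# Summary variant: machine count per cluster tag and agent status, handy as a
# second workbook tile next to the detail table.
arc_status_summary_kql() {
  printf '%s\n' \
    'resources' \
    '| where type =~ "microsoft.hybridcompute/machines"' \
    '| summarize machines = count() by cluster = tostring(tags.cluster), status = tostring(properties.status)' \
    '| order by cluster asc, status asc'
}

# Run a query and render the data array as a table; --first caps the row count.
run_query() {
  az graph query -q "$1" --first 1000 --query data -o table
}

# Run only when invoked as arc_query.sh, so the functions can be sourced for testing.
case "${0##*/}" in
  arc_query.sh)
    run_query "$(arc_machines_kql "${1:-}")"
    run_query "$(arc_status_summary_kql)"
    ;;
esac
```

Running `sh arc_query.sh poc_pilot` prints the detail table for that resource group followed by the per-cluster summary; `arc_machines_kql | pbcopy` (or `xclip`) gives you the text to paste into the Resource Graph Explorer editor or an Azure Monitor workbook's Azure Resource Graph query. The `=~` operator is the case-insensitive comparison, which matters because Resource Graph lowercases the `type` value.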
How would you deal with an environment that
- Uses a proxy server to access the internet?
- Does not allow any internet connectivity?
Screen share with your proctor to show that you achieved:
- Onboarding all linux servers
- Basic Resource Graph Explorer report
- Customised Resource Graph query
- Azure Monitor Workbook with the resulting table
In the next lab you will onboard the Windows VMs using Windows Admin Center.