網頁

將Azure ExpressRoute with Microsoft Peering環境下Linux VM加入Azure Arc管理清單

將Azure ExpressRoute with Microsoft Peering環境下Linux VM加入Azure Arc管理清單

接續 ExpressRoute with Microsoft Peering with Windows第一次 PoC 成功之後,這裡要繼續研究如何在 Azure ExpressRoute + Microsoft Peering 環境將 Linux VM 加入 Azure Arc 管理清單。一樣分析官方提供的 Shell 指令碼,發現麻煩的一件事,以我們 Linux 環境來說明。我們採用 Ubuntu 22.04,因此 Shell 指令碼協助設定 APT 的下載點,然後,透過 APT 來進行安裝 azcmagent 套件。

# 在此新增服務主體應用程式識別碼及祕密
ServicePrincipalId="ServicePrincipalId";
ServicePrincipalClientSecret="ServicePrincipalClientSecret";

export subscriptionId="subscriptionId";
export resourceGroup="resourceGroup";
export tenantId="tenantId";
export location="eastasia";
export authType="principal";
export correlationId="correlationId";
export cloud="AzureCloud";
output=$(wget https://aka.ms/azcmagent -O ~/install_linux_azcmagent.sh 2>&1);
if [ $? != 0 ]; then wget -qO- --method=PUT --body-data="{\"subscriptionId\":\"$subscriptionId\",\"resourceGroup\":\"$resourceGroup\",\"tenantId\":\"$tenantId\",\"location\":\"$location\",\"correlationId\":\"$correlationId\",\"authType\":\"$authType\",\"operation\":\"onboarding\",\"messageType\":\"DownloadScriptFailed\",\"message\":\"$output\"}" "https://gbl.his.arc.azure.com/log" &> /dev/null || true; fi;
echo "$output";
bash ~/install_linux_azcmagent.sh;
sudo azcmagent connect --service-principal-id "$ServicePrincipalId" --service-principal-secret "$ServicePrincipalClientSecret" --resource-group "$resourceGroup" --tenant-id "$tenantId" --location "$location" --subscription-id "$subscriptionId" --cloud "$cloud" --correlation-id "$correlationId";

你可以嘗式跑 install_linux_azcmagent.sh 指令碼,應該能看到新的 APT 下載點:

$ sudo apt update
Hit:1 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
...

這是在開發機 WSL 測試的結果。但各位還記得嗎,我們無法接觸到外部網路資源。因此,實際執行結果會出錯,它根本就下載不了 install_linux_azcmagent.sh。這時候只能動用 APT 離線下載大法,找一個可以連網的 WSL(例如開發機,這個最方便),一樣執行 install_linux_azcmagent.sh 指令碼,讓它去跑設定好 APT 下載點後,透過指令下載離線 azcmagent 套件,然後想辦法上傳至 Linux 伺服器,再進行安裝。

我實在太習慣斷網環境了,已經很習慣什麼都要來個"離線作業"。哈哈。

讓我們先在 WSL 新增 Linux Software Repository for Microsoft Products

# Get Ubuntu version
declare repo_version=$(if command -v lsb_release &> /dev/null; then lsb_release -r -s; else grep -oP '(?<=^VERSION_ID=).+' /etc/os-release | tr -d '"'; fi)
# Download Microsoft signing key and repository
wget https://packages.microsoft.com/config/ubuntu/$repo_version/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
# Install Microsoft signing key and repository
sudo dpkg -i packages-microsoft-prod.deb
# Clean up
rm packages-microsoft-prod.deb
# Update packages
sudo apt update

這樣就能在 WSL 手動下載 azcmagent

$ sudo apt-cache madison azcmagent
azcmagent | 1.38.02601.1377 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.37.02533.1281 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.36.02501.1232 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.35.02478.1194 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.34.02440.1130 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.33.02399.1041 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages

$ sudo apt-get install --download-only azcmagent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  azcmagent
0 upgraded, 1 newly installed, 0 to remove and 61 not upgraded.
Need to get 62.4 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 azcmagent amd64 1.38.02601.1377 [62.4 MB]
Fetched 62.4 MB in 12s (5133 kB/s)
Download complete and in download only mode

$ ls /var/cache/apt/archives
azcmagent_1.38.02601.1377_amd64.deb

透過 --download-only 我們可以順利下載到 azcmagent 套件。注意一下,預設下載路徑會放在 /var/cache/apt/archives

當上傳到 Linux 伺服器(也可讀取分享資料夾(這個方式比較簡單)),一樣使用 apt install 來進行離線安裝:

# $sudo apt-get install ./azcmagent_1.37.02533.1281_amd64.deb
$sudo apt install ./azcmagent_1.37.02533.1281_amd64.deb

兩種語法都行。離線安裝好 azcmagent 套件,我們一樣學習 install_linux_azcmagent.sh 指令碼手動執行 azcmagent connect 設定:

$ sudo azcmagent connect --service-principal-id "$ServicePrincipalId" --service-principal-secret "$ServicePrincipalClientSecret" --resource-group "$resourceGroup" --tenant-id "$tenantId" --location "$location" --subscription-id "$subscriptionId" --cloud "$cloud" --correlation-id "$correlationId";
INFO    Connecting machine to Azure... This might take a few minutes.
INFO    Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
INFO    Exit Code:  AZCM0026: Network Error
INFO    For troubleshooting, see https://aka.ms/arc/azcmerror
FATAL   required endpoints unavailable: https://agentserviceapi.guestconfiguration.azure.com

疑,有錯也!azcmagent 有提供其他命令可以提供資訊與測試:

$ sudo azcmagent check --location="eastasia"
INFO    Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
ENDPOINT                                              |REACHABLE  |PRIVATE  |TLS      |PROXY
https://agentserviceapi.guestconfiguration.azure.com  |false      |false    |unknown  |not used
https://ea.his.arc.azure.com                          |true       |false    |TLS 1.3  |not used
https://eastasia-gas.guestconfiguration.azure.com     |true       |false    |TLS 1.3  |not used
https://gbl.his.arc.azure.com                         |true       |false    |TLS 1.3  |not used
https://login.microsoftonline.com                     |true       |false    |TLS 1.3  |not used
https://login.windows.net                             |true       |false    |TLS 1.3  |not used
https://management.azure.com                          |true       |false    |TLS 1.3  |not used
https://pas.windows.net                               |true       |false    |TLS 1.2  |not used

這裡有點奇怪,因為我在 Windows 下去進行 azcmagent check 測試,會一樣是得到 agentserviceapi.guestconfiguration.azure.comfalse 的狀態,但 Windows 加入 Azure Arc 是正常,而 Linux 則不正常。

PS C:\> azcmagent check --location="eastasia"
INFO    Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
ENDPOINT                                              |REACHABLE  |PRIVATE  |TLS      |PROXY
https://agentserviceapi.guestconfiguration.azure.com  |false      |false    |unknown  |not used
https://ea.his.arc.azure.com                          |true       |false    |TLS 1.3  |not used
https://eastasia-gas.guestconfiguration.azure.com     |true       |false    |TLS 1.3  |not used
https://gbl.his.arc.azure.com                         |true       |false    |TLS 1.3  |not used
https://login.microsoftonline.com                     |true       |false    |TLS 1.3  |not used
https://login.windows.net                             |true       |false    |TLS 1.3  |not used
https://management.azure.com                          |true       |false    |TLS 1.3  |not used
https://pas.windows.net                               |true       |false    |TLS 1.2  |not used

這是指前一篇第一次 Windows PoC 成功情境。

是的,我們只能反應給支援組,這裡有個好玩的事。支援組說他只支援 Arc for Windows,Arc for Linux不在支援範圍,最後Arc for Linux的問題被開成 MS Support Case 由另一組團隊來支援。(2024/2/1)

  • 2024/2/22 參考「解決ExpressRoute下agentserviceapi.guestconfiguration.azure.com無法連線造成azcmagent連線失敗」,已解決。

沒有留言:

張貼留言

感謝您的留言,如果我的文章你喜歡或對你有幫助,按個「讚」或「分享」它,我會很高興的。