Adding a Linux VM to the Azure Arc management inventory in an Azure ExpressRoute with Microsoft Peering environment
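Following the first successful PoC in "ExpressRoute with Microsoft Peering with Windows", this post continues by looking at how to add a Linux VM to the Azure Arc management inventory in an Azure ExpressRoute + Microsoft Peering environment. As before, I analyzed the shell script Microsoft provides and found one troublesome thing, which I'll explain using our Linux environment. We use Ubuntu 22.04, so the shell script configures the APT source and then installs the azcmagent package through APT.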
# Add the service principal application ID and secret here
ServicePrincipalId="ServicePrincipalId";
ServicePrincipalClientSecret="ServicePrincipalClientSecret";
export subscriptionId="subscriptionId";
export resourceGroup="resourceGroup";
export tenantId="tenantId";
export location="eastasia";
export authType="principal";
export correlationId="correlationId";
export cloud="AzureCloud";
output=$(wget https://aka.ms/azcmagent -O ~/install_linux_azcmagent.sh 2>&1);
if [ $? != 0 ]; then wget -qO- --method=PUT --body-data="{\"subscriptionId\":\"$subscriptionId\",\"resourceGroup\":\"$resourceGroup\",\"tenantId\":\"$tenantId\",\"location\":\"$location\",\"correlationId\":\"$correlationId\",\"authType\":\"$authType\",\"operation\":\"onboarding\",\"messageType\":\"DownloadScriptFailed\",\"message\":\"$output\"}" "https://gbl.his.arc.azure.com/log" &> /dev/null || true; fi;
echo "$output";
bash ~/install_linux_azcmagent.sh;
sudo azcmagent connect --service-principal-id "$ServicePrincipalId" --service-principal-secret "$ServicePrincipalClientSecret" --resource-group "$resourceGroup" --tenant-id "$tenantId" --location "$location" --subscription-id "$subscriptionId" --cloud "$cloud" --correlation-id "$correlationId";
You can try running the install_linux_azcmagent.sh script; afterwards you should see the new APT source:
$ sudo apt update
Hit:1 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
...
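That is the result of a test in WSL on my development machine. But remember, we cannot reach external network resources. So the real run fails: it cannot even download install_linux_azcmagent.sh. At this point the only option is the APT offline download approach: find a WSL instance that can reach the internet (the development machine is the most convenient), run the install_linux_azcmagent.sh script there as well so that it sets up the APT source, then download the azcmagent package for offline use with a command, get it onto the Linux server somehow, and install it there.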
I'm really too used to disconnected environments; I've gotten used to doing everything as an "offline job". Haha.
Let's first add the Linux Software Repository for Microsoft Products in WSL:
# Get Ubuntu version
declare repo_version=$(if command -v lsb_release &> /dev/null; then lsb_release -r -s; else grep -oP '(?<=^VERSION_ID=).+' /etc/os-release | tr -d '"'; fi)
# Download Microsoft signing key and repository
wget https://packages.microsoft.com/config/ubuntu/$repo_version/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
# Install Microsoft signing key and repository
sudo dpkg -i packages-microsoft-prod.deb
# Clean up
rm packages-microsoft-prod.deb
# Update packages
sudo apt update
With that in place, azcmagent can be downloaded manually in WSL:
$ sudo apt-cache madison azcmagent
azcmagent | 1.38.02601.1377 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.37.02533.1281 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.36.02501.1232 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.35.02478.1194 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.34.02440.1130 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
azcmagent | 1.33.02399.1041 | https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages
$ sudo apt-get install --download-only azcmagent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
azcmagent
0 upgraded, 1 newly installed, 0 to remove and 61 not upgraded.
Need to get 62.4 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 azcmagent amd64 1.38.02601.1377 [62.4 MB]
Fetched 62.4 MB in 12s (5133 kB/s)
Download complete and in download only mode
$ ls /var/cache/apt/archives
azcmagent_1.38.02601.1377_amd64.deb
With --download-only we can download the azcmagent package without installing it. Note that by default the downloaded file is placed in /var/cache/apt/archives.
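A .deb that is copied by hand no longer passes through APT's check of the file against the signed repository index, so the digest has to travel with it. The following is an added example, not part of the original post or of Microsoft's script: it assumes the output of `apt-cache show azcmagent` was saved on the connected WSL machine and contains a `SHA256:` field; the function names and the file name `azcmagent.stanza` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify an offline-transferred .deb against the SHA256 that
# the repository index (verified by APT on the connected machine) records.
#
# Connected machine (WSL):  apt-cache show azcmagent > azcmagent.stanza
# Air-gapped server:        bash verify.sh azcmagent.stanza <version> ./azcmagent_<version>_amd64.deb

# Print the SHA256 field of the stanza whose Version equals $2.
# $1 = file holding the saved `apt-cache show` output (one stanza per version).
expected_sha256() {
  awk -v want="$2" '
    BEGIN { RS = ""; FS = "\n" }        # paragraph mode: one stanza per record
    {
      ver = ""; sum = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Version: /) ver = substr($i, 10)
        if ($i ~ /^SHA256: /)  sum = substr($i, 9)
      }
      if (ver == want) { print sum; exit }
    }' "$1"
}

# Return 0 only if the digest of file $1 equals the expected digest $2.
# Returns 2 when no digest was recorded, 1 on mismatch.
verify_deb() {
  local deb="$1" expected="$2" actual
  [ -n "$expected" ] || { echo "no SHA256 recorded for this version" >&2; return 2; }
  actual=$(sha256sum "$deb" | cut -d' ' -f1)
  if [ "$actual" = "$expected" ]; then
    echo "OK   $deb"
  else
    echo "FAIL $deb: expected $expected, got $actual" >&2
    return 1
  fi
}

# Command-line use: <stanza-file> <version> <deb>
if [ "$#" -eq 3 ]; then
  verify_deb "$3" "$(expected_sha256 "$1" "$2")"
fi
```

Run the install only when the script exits 0, and carry the stanza file over a different path than the .deb where that is possible.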
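Once the package has been uploaded to the Linux server (reading it from a shared folder also works, and is simpler), use apt install in the same way to install it offline: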
# $ sudo apt-get install ./azcmagent_1.37.02533.1281_amd64.deb
$ sudo apt install ./azcmagent_1.37.02533.1281_amd64.deb
Either syntax works. With the azcmagent package installed offline, we again follow the install_linux_azcmagent.sh script and run the azcmagent connect setup by hand:
$ sudo azcmagent connect --service-principal-id "$ServicePrincipalId" --service-principal-secret "$ServicePrincipalClientSecret" --resource-group "$resourceGroup" --tenant-id "$tenantId" --location "$location" --subscription-id "$subscriptionId" --cloud "$cloud" --correlation-id "$correlationId";
INFO Connecting machine to Azure... This might take a few minutes.
INFO Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
INFO Exit Code: AZCM0026: Network Error
INFO For troubleshooting, see https://aka.ms/arc/azcmerror
FATAL required endpoints unavailable: https://agentserviceapi.guestconfiguration.azure.com
Huh, there's an error! azcmagent has other commands that provide information and run tests:
$ sudo azcmagent check --location="eastasia"
INFO Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
ENDPOINT |REACHABLE |PRIVATE |TLS |PROXY
https://agentserviceapi.guestconfiguration.azure.com |false |false |unknown |not used
https://ea.his.arc.azure.com |true |false |TLS 1.3 |not used
https://eastasia-gas.guestconfiguration.azure.com |true |false |TLS 1.3 |not used
https://gbl.his.arc.azure.com |true |false |TLS 1.3 |not used
https://login.microsoftonline.com |true |false |TLS 1.3 |not used
https://login.windows.net |true |false |TLS 1.3 |not used
https://management.azure.com |true |false |TLS 1.3 |not used
https://pas.windows.net |true |false |TLS 1.2 |not used
This is a bit odd, because when I run the azcmagent check test on Windows, I likewise get agentserviceapi.guestconfiguration.azure.com in the false state, yet Windows joins Azure Arc normally while Linux does not.
PS C:\> azcmagent check --location="eastasia"
INFO Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
ENDPOINT |REACHABLE |PRIVATE |TLS |PROXY
https://agentserviceapi.guestconfiguration.azure.com |false |false |unknown |not used
https://ea.his.arc.azure.com |true |false |TLS 1.3 |not used
https://eastasia-gas.guestconfiguration.azure.com |true |false |TLS 1.3 |not used
https://gbl.his.arc.azure.com |true |false |TLS 1.3 |not used
https://login.microsoftonline.com |true |false |TLS 1.3 |not used
https://login.windows.net |true |false |TLS 1.3 |not used
https://management.azure.com |true |false |TLS 1.3 |not used
https://pas.windows.net |true |false |TLS 1.2 |not used
This refers to the scenario of the first successful Windows PoC in the previous post.
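The check table shown above can be reduced to the list of hosts to hand to whoever manages the network path. This is an added example, not part of the original post or of azcmagent: it assumes the table reaches stdout in the pipe-separated layout shown above; the function names are hypothetical and the embedded sample is built from rows on this page.

```shell
#!/usr/bin/env bash
# Added example: turn `azcmagent check` output into a list of blocked hosts.

# Constructed sample: rows copied from the check output shown on this page.
sample_check_output() {
cat <<'EOF'
INFO Testing connectivity to endpoints that are needed to connect to Azure... This might take a few minutes.
ENDPOINT |REACHABLE |PRIVATE |TLS |PROXY
https://agentserviceapi.guestconfiguration.azure.com |false |false |unknown |not used
https://gbl.his.arc.azure.com |true |false |TLS 1.3 |not used
https://pas.windows.net |true |false |TLS 1.2 |not used
EOF
}

# Read check output on stdin; print "host<TAB>tls" for every endpoint row
# whose REACHABLE column equals $1 ("true" or "false").
endpoints_by_reachability() {
  awk -F'|' -v want="$1" '
    /^https:\/\// {
      for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)  # trim cells
      if ($2 == want) { sub(/^https:\/\//, "", $1); print $1 "\t" $4 }
    }'
}

# Read check output on stdin; return 0 only when no endpoint row is
# unreachable, otherwise list the unreachable hosts on stderr and return 1.
preflight() {
  local blocked
  blocked=$(endpoints_by_reachability false)
  [ -z "$blocked" ] && return 0
  echo "unreachable endpoints:" >&2
  echo "$blocked" >&2
  return 1
}

# Command-line use: sudo azcmagent check --location="eastasia" | bash preflight.sh -
if [ "${1:-}" = "-" ]; then
  preflight
fi
```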
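Yes, all we could do was report it to the support team, and here is the funny part. The support team said they only support Arc for Windows and that Arc for Linux is outside their scope; in the end the Arc for Linux problem was opened as an MS Support Case to be handled by a different team. (2024/2/1)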
- 2024/2/22: Resolved; see "Resolving the azcmagent connection failure caused by agentserviceapi.guestconfiguration.azure.com being unreachable over ExpressRoute".