Deploy a Linux Hybrid Runbook Worker

You can use the Hybrid Runbook Worker feature of Azure Automation to run runbooks directly on the computer that's hosting the role and against resources in the environment to manage those local resources. The Linux Hybrid Runbook Worker executes runbooks as a special user that can be elevated for running commands that need elevation. Runbooks are stored and managed in Azure Automation and then delivered to one or more designated computers.

This article describes how to install the Hybrid Runbook Worker on a Linux machine.

Supported Linux operating systems

The Hybrid Runbook Worker feature supports the following distributions:

  • Amazon Linux 2012.09 to 2015.09 (x86/x64)
  • CentOS Linux 5, 6, and 7 (x86/x64)
  • Oracle Linux 5, 6, and 7 (x86/x64)
  • Red Hat Enterprise Linux Server 5, 6, and 7 (x86/x64)
  • Debian GNU/Linux 6, 7, and 8 (x86/x64)
  • Ubuntu 12.04 LTS, 14.04 LTS, and 16.04 LTS (x86/x64)
  • SUSE Linux Enterprise Server 11 and 12 (x86/x64)

Installing a Linux Hybrid Runbook Worker

To install and configure a Hybrid Runbook Worker on your Linux computer, you follow a straightforward process to manually install and configure the role. It requires enabling the Automation Hybrid Worker solution in your Azure Log Analytics workspace and then running a set of commands to register the computer as a worker and add it to a group.

The minimum requirements for a Linux Hybrid Runbook Worker are:

  • Two cores
  • 4 GB of RAM
  • Port 443 (outbound)

Package requirements

Required package Description Minimum version
Glibc GNU C Library 2.5-12
Openssl OpenSSL Libraries 1.0 (TLS 1.1 and TLS 1.2 are supported
Curl cURL web client 7.15.5
Python-ctypes Python 2.x is required
PAM Pluggable Authentication Modules
Optional package Description Minimum version
PowerShell Core To run PowerShell runbooks, PowerShell needs to be installed, see Installing PowerShell Core on Linux to learn how to install it. 6.0.0

Installation

Before you proceed, note the Log Analytics workspace that your Automation account is linked to. Also note the primary key for your Automation account. You can find both from the Azure portal by selecting your Automation account, selecting Workspace for the workspace ID, and selecting Keys for the primary key. For information on ports and addresses that you need for the Hybrid Runbook Worker, see Configuring your network.

  1. Enable the Automation Hybrid Worker solution in Azure by using one of the following methods:

    • Add the Automation Hybrid Worker solution to your subscription by using the procedure at Add Azure Monitor logs solutions to your workspace.

    • Run the following cmdlet:

       Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName  <ResourceGroupName> -WorkspaceName <WorkspaceName> -IntelligencePackName  "AzureAutomation" -Enabled $true
      
  2. Install the Log Analytics agent for Linux by running the following command. Replace <WorkspaceID> and <WorkspaceKey> with the appropriate values from your workspace.

    Note

    As part of the ongoing transition from Microsoft Operations Management Suite to Azure Monitor, the Operations Management Suite Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

    wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <WorkspaceID> -s <WorkspaceKey>
    
  3. Run the following command, changing the values for the parameters -w, -k, -g, and -e. For the -g parameter, replace the value with the name of the Hybrid Runbook Worker group that the new Linux Hybrid Runbook Worker should join. If the name doesn't exist in your Automation account, a new Hybrid Runbook Worker group is made with that name.

    sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/onboarding.py --register -w <LogAnalyticsworkspaceId> -k <AutomationSharedKey> -g <hybridgroupname> -e <automationendpoint>
    
  4. After the command is completed, the Hybrid Worker Groups page in the Azure portal shows the new group and the number of members. If this is an existing group, the number of members is incremented. You can select the group from the list on the Hybrid Worker Groups page and select the Hybrid Workers tile. On the Hybrid Workers page, you see each member of the group listed.

Note

If you are using the Azure Monitor virtual machine extension for Linux for an Azure VM we recommend setting autoUpgradeMinorVersion to false as auto upgrading versions can cause issues the Hybrid Runbook Worker. To learn how to upgrade the extension manually, see Azure CLI deployment .

Turning off signature validation

By default, Linux Hybrid Runbook Workers require signature validation. If you run an unsigned runbook against a worker, you see an error that says "Signature validation failed." To turn off signature validation, run the following command. Replace the second parameter with your log analytics workspace ID.

sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/require_runbook_signature.py --false <LogAnalyticsworkspaceId>

Supported runbook types

Linux Hybrid Runbook Workers don't support the full set of runbook types in Azure Automation.

The following runbook types work on a Linux Hybrid Worker:

  • Python 2

  • PowerShell

    Note

    PowerShell runbooks require PowerShell Core to be installed on the Linux machine. See Installing PowerShell Core on Linux to learn how to install it.

The following runbook types don't work on a Linux Hybrid Worker:

  • PowerShell Workflow
  • Graphical
  • Graphical PowerShell Workflow

Next steps