您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

部署 Linux 混合 Runbook 辅助角色Deploy a Linux Hybrid Runbook Worker

利用 Azure 自动化的混合 Runbook 辅助角色功能,既可以直接在托管角色的计算机上运行 Runbook,也可以对环境中的资源运行 Runbook,从而管理这些本地资源。You can use the Hybrid Runbook Worker feature of Azure Automation to run runbooks directly on the computer that's hosting the role and against resources in the environment to manage those local resources. Linux 混合 Runbook 辅助角色以特殊用户身份执行 Runbook,该用户身份可进行权限提升,以运行需要提升权限的命令。The Linux Hybrid Runbook Worker executes runbooks as a special user that can be elevated for running commands that need elevation. Runbook 在 Azure 自动化中进行存储和管理,然后发送到一个或多个指定计算机。Runbooks are stored and managed in Azure Automation and then delivered to one or more designated computers.

本文介绍如何在 Linux 计算机上安装混合 Runbook 辅助角色。This article describes how to install the Hybrid Runbook Worker on a Linux machine.

受支持的 Linux 操作系统Supported Linux operating systems

混合 Runbook 辅助角色功能支持以下分发版:The Hybrid Runbook Worker feature supports the following distributions:

  • Amazon Linux 2012.09 到 2015.09 (x86/x64)Amazon Linux 2012.09 to 2015.09 (x86/x64)
  • CentOS Linux 5、6 和 7 (x86/x64)CentOS Linux 5, 6, and 7 (x86/x64)
  • Oracle Linux 5、6 和 7 (x86/x64)Oracle Linux 5, 6, and 7 (x86/x64)
  • Red Hat Enterprise Linux Server 5、6 和 7 (x86/x64)Red Hat Enterprise Linux Server 5, 6, and 7 (x86/x64)
  • Debian GNU/Linux 6、7 和 8 (x86/x64)Debian GNU/Linux 6, 7, and 8 (x86/x64)
  • Ubuntu 12.04 LTS、14.04 LTS 和 16.04 LTS (x86/x64)Ubuntu 12.04 LTS, 14.04 LTS, and 16.04 LTS (x86/x64)
  • SUSE Linux Enterprise Server 11 和 12 (x86/x64)SUSE Linux Enterprise Server 11 and 12 (x86/x64)

安装 Linux 混合 Runbook 辅助角色Installing a Linux Hybrid Runbook Worker

若要在 Linux 计算机上安装和配置混合 Runbook 辅助角色,请按照一个简单明了的过程手动安装和配置此角色。To install and configure a Hybrid Runbook Worker on your Linux computer, you follow a straightforward process to manually install and configure the role. 它需要启用 Azure Log Analytics 工作区中的“自动化混合辅助角色”解决方案,然后运行一组命令将计算机注册为辅助角色,并且将它添加到组中。It requires enabling the Automation Hybrid Worker solution in your Azure Log Analytics workspace and then running a set of commands to register the computer as a worker and add it to a group.

Linux 混合 Runbook 辅助角色的最低要求如下:The minimum requirements for a Linux Hybrid Runbook Worker are:

  • 双核Two cores
  • 4 GB RAM4 GB of RAM
  • 端口 443(出站)Port 443 (outbound)

程序包要求Package requirements

必需的程序包Required package 说明Description 最低版本Minimum version
GlibcGlibc GNU C 库GNU C Library 2.5-122.5-12
OpensslOpenssl OpenSSL 库OpenSSL Libraries 1.0(支持 TLS 1.1 和 TLS 1.2)1.0 (TLS 1.1 and TLS 1.2 are supported
CurlCurl cURL Web 客户端cURL web client 7.15.57.15.5
Python-ctypePython-ctypes 需要 Python 2。xPython 2.x is required
PAMPAM 可插入验证模块Pluggable Authentication Modules
可选包Optional package 说明Description 最低版本Minimum version
PowerShell CorePowerShell Core 若要运行 PowerShell Runbook,需要安装 PowerShell,请参阅在 Linux 上安装 PowerShell Core 了解如何安装。To run PowerShell runbooks, PowerShell needs to be installed, see Installing PowerShell Core on Linux to learn how to install it. 6.0.06.0.0

安装Installation

在继续操作之前,请记下自动化帐户链接到的 Log Analytics 工作区。Before you proceed, note the Log Analytics workspace that your Automation account is linked to. 另请记下自动化帐户的主密钥。Also note the primary key for your Automation account. 在 Azure 门户中选择自己的自动化帐户,选择工作区 ID 对应的“工作区”,然后选择主密钥对应的“密钥”,即可找到这两个值。You can find both from the Azure portal by selecting your Automation account, selecting Workspace for the workspace ID, and selecting Keys for the primary key. 有关混合 Runbook 辅助角色所需的端口和地址的信息,请参阅配置网络For information on ports and addresses that you need for the Hybrid Runbook Worker, see Configuring your network.

  1. 使用以下方法之一,在 Azure 中启用“自动化混合辅助角色”解决方案:Enable the Automation Hybrid Worker solution in Azure by using one of the following methods:

  2. 运行以下命令,安装 Log Analytics Linux 代理。Install the Log Analytics agent for Linux by running the following command. 请将 <WorkspaceID> 和 <WorkspaceKey> 替换为工作区中的相应值。Replace <WorkspaceID> and <WorkspaceKey> with the appropriate values from your workspace.

    备注

    从 Microsoft Operations Management Suite 过渡到 Azure Monitor 期间,Windows 或 Linux 的 Operations Management Suite 代理称为 Windows 或 Linux 的 Log Analytics 代理。As part of the ongoing transition from Microsoft Operations Management Suite to Azure Monitor, the Operations Management Suite Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

    wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <WorkspaceID> -s <WorkspaceKey>
    
  3. 运行以下命令,更改 -w-k-g-e 参数的值。Run the following command, changing the values for the parameters -w, -k, -g, and -e. 对于 -g 参数,请将值替换为新的 Linux 混合 Runbook 辅助角色应加入的混合 Runbook 辅助角色组的名称。For the -g parameter, replace the value with the name of the Hybrid Runbook Worker group that the new Linux Hybrid Runbook Worker should join. 如果自动化帐户中尚不存在该名称,系统会使用该名称生成一个新的混合 Runbook 辅助角色组。If the name doesn't exist in your Automation account, a new Hybrid Runbook Worker group is made with that name.

    sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/onboarding.py --register -w <LogAnalyticsworkspaceId> -k <AutomationSharedKey> -g <hybridgroupname> -e <automationendpoint>
    
  4. 命令完成后,Azure 门户中的“混合辅助角色组”页面会显示新组和成员数。After the command is completed, the Hybrid Worker Groups page in the Azure portal shows the new group and the number of members. 如果这是现有的组,则成员数会递增。If this is an existing group, the number of members is incremented. 可以从“混合辅助角色组”页上的列表中选择组,并选择“混合辅助角色”磁贴。You can select the group from the list on the Hybrid Worker Groups page and select the Hybrid Workers tile. 在“混合辅助角色”页上,会列出组的每个成员。On the Hybrid Workers page, you see each member of the group listed.

备注

如果要对 Azure VM 使用用于 Linux 的 Azure Monitor 虚拟机扩展,我们建议将 autoUpgradeMinorVersion 设置为 false,因为自动升级版本可能会导致混合 Runbook 辅助角色出现问题。If you are using the Azure Monitor virtual machine extension for Linux for an Azure VM we recommend setting autoUpgradeMinorVersion to false as auto upgrading versions can cause issues the Hybrid Runbook Worker. 若要了解如何手动升级扩展,请参阅 Azure CLI 部署To learn how to upgrade the extension manually, see Azure CLI deployment .

关闭签名验证Turning off signature validation

默认情况下,Linux 混合 Runbook 辅助角色需要签名验证。By default, Linux Hybrid Runbook Workers require signature validation. 如果针对辅助角色运行未签名的 runbook,将看到显示“签名验证失败”字样的错误。If you run an unsigned runbook against a worker, you see an error that says "Signature validation failed." 若要禁用签名验证,请运行以下命令。To turn off signature validation, run the following command. 将第二个参数替换为 Log Analytics 工作区 ID。Replace the second parameter with your log analytics workspace ID.

sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/require_runbook_signature.py --false <LogAnalyticsworkspaceId>

支持的 runbook 类型Supported runbook types

Linux 混合 Runbook 辅助角色并非支持 Azure 自动化中的全套 Runbook 类型。Linux Hybrid Runbook Workers don't support the full set of runbook types in Azure Automation.

以下 runbook 类型可以在 Linux 混合辅助角色上工作:The following runbook types work on a Linux Hybrid Worker:

以下 Runbook 类型不能在 Linux 混合辅助角色上运行:The following runbook types don't work on a Linux Hybrid Worker:

  • PowerShell 工作流PowerShell Workflow
  • 图形Graphical
  • 图形 PowerShell 工作流Graphical PowerShell Workflow

后续步骤Next steps