
Deploy a Linux Hybrid Runbook Worker

You can use the Hybrid Runbook Worker feature of Azure Automation to run runbooks directly on the machine that's hosting the role and against resources in the environment to manage those local resources. The Linux Hybrid Runbook Worker executes runbooks as a special user that can be elevated for running commands that need elevation. Azure Automation stores and manages runbooks and then delivers them to one or more designated machines. This article describes how to install the Hybrid Runbook Worker on a Linux machine, how to remove the worker, and how to remove a Hybrid Runbook Worker group.

After you successfully deploy a runbook worker, review Run runbooks on a Hybrid Runbook Worker to learn how to configure your runbooks to automate processes in your on-premises datacenter or other cloud environment.

Prerequisites

Before you start, make sure that you have the following:

A Log Analytics workspace

The Hybrid Runbook Worker role depends on an Azure Monitor Log Analytics workspace to install and configure the role. You can create it through Azure Resource Manager, through PowerShell, or in the Azure portal.

If you don't have an Azure Monitor Log Analytics workspace, review the Azure Monitor Log design guidance before you create the workspace.

If you have a workspace, but it is not linked to your Automation account, enabling an Automation feature adds functionality for Azure Automation, including support for the Hybrid Runbook Worker. When you enable one of the Azure Automation features in your Log Analytics workspace, specifically Update Management or Change Tracking and Inventory, the worker components are automatically pushed to the agent machine.

To add the Update Management feature to your workspace, run the following PowerShell cmdlet:

    Set-AzOperationalInsightsIntelligencePack -ResourceGroupName <logAnalyticsResourceGroup> -WorkspaceName <logAnalyticsWorkspaceName> -IntelligencePackName "Updates" -Enabled $true

To add the Change Tracking and Inventory feature to your workspace, run the following PowerShell cmdlet:

    Set-AzOperationalInsightsIntelligencePack -ResourceGroupName <logAnalyticsResourceGroup> -WorkspaceName <logAnalyticsWorkspaceName> -IntelligencePackName "ChangeTracking" -Enabled $true

Log Analytics agent

The Hybrid Runbook Worker role requires the Log Analytics agent for the supported Linux operating system.

Supported Linux operating systems

The Hybrid Runbook Worker feature supports the following distributions:

  • Amazon Linux 2012.09 to 2015.09 (x86/x64)
  • CentOS Linux 5, 6, and 7 (x86/x64)
  • Oracle Linux 5, 6, and 7 (x86/x64)
  • Red Hat Enterprise Linux Server 5, 6, and 7 (x86/x64)
  • Debian GNU/Linux 6, 7, and 8 (x86/x64)
  • Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 18.04 (x86/x64)
  • SUSE Linux Enterprise Server 11 and 12 (x86/x64)

Minimum requirements

The minimum requirements for a Linux Hybrid Runbook Worker are:

  • Two cores
  • 4 GB of RAM
  • Port 443 (outbound)

Required package | Description | Minimum version
Glibc | GNU C Library | 2.5-12
Openssl | OpenSSL Libraries | 1.0 (TLS 1.1 and TLS 1.2 are supported)
Curl | cURL web client | 7.15.5
Python-ctypes | Python 2.x is required |
PAM | Pluggable Authentication Modules |

Optional package | Description | Minimum version
PowerShell Core | To run PowerShell runbooks, PowerShell Core needs to be installed. See Installing PowerShell Core on Linux to learn how to install it. | 6.0.0
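
A preflight for the minimums listed above, added here as an example (it is not part of the Microsoft tooling, and its function names are this example's own). It checks the glibc, OpenSSL and curl versions, Python 2.x with ctypes, the core count, and the presence of the nxautomation account; it assumes GNU sort and grep.

```shell
#!/bin/sh
# Added example; function names are this example's own, not Microsoft tooling.

# version_ge A B -> success when dotted version A >= B (uses GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# extract_version "tool banner" -> first dotted number found in the banner.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# check_min NAME BANNER MINIMUM -> prints a verdict, returns 1 when below minimum.
check_min() {
    found=$(extract_version "$2")
    if [ -n "$found" ] && version_ge "$found" "$3"; then
        echo "ok    $1 $found (minimum $3)"
    else
        echo "FAIL  $1 ${found:-not found} (minimum $3)"; return 1
    fi
}

# preflight -> runs every check, returns the number of failures.
preflight() {
    fails=0
    # glibc minimum is 2.5-12 in the table; only the upstream 2.5 is compared.
    check_min glibc   "$(ldd --version 2>/dev/null | head -n 1)"  2.5    || fails=$((fails+1))
    check_min openssl "$(openssl version 2>/dev/null)"            1.0    || fails=$((fails+1))
    check_min curl    "$(curl --version 2>/dev/null | head -n 1)" 7.15.5 || fails=$((fails+1))
    # The worker scripts are invoked with "python" and need Python 2.x plus ctypes.
    python -c 'import sys, ctypes; sys.exit(sys.version_info[0] != 2)' 2>/dev/null \
        && echo "ok    python 2.x with ctypes" \
        || { echo "FAIL  python 2.x with ctypes"; fails=$((fails+1)); }
    [ "$(nproc 2>/dev/null || echo 0)" -ge 2 ] && echo "ok    two or more cores" \
        || { echo "FAIL  fewer than two cores"; fails=$((fails+1)); }
    # Installation fails when this account is absent.
    id nxautomation >/dev/null 2>&1 && echo "ok    nxautomation account exists" \
        || { echo "FAIL  nxautomation account missing"; fails=$((fails+1)); }
    return "$fails"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with --run on the target machine before installing the agent; the exit status is the number of failed checks.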

Supported runbook types

Linux Hybrid Runbook Workers support a limited set of runbook types in Azure Automation, and they are described in the following table.

Runbook type | Supported
Python 2 | Yes
PowerShell | Yes¹
PowerShell Workflow | No
Graphical | No
Graphical PowerShell Workflow | No

¹ PowerShell runbooks require PowerShell Core to be installed on the Linux machine. See Installing PowerShell Core on Linux to learn how to install it.

Install a Linux Hybrid Runbook Worker

To install and configure a Linux Hybrid Runbook Worker, perform the following steps.

  1. Deploy the Log Analytics agent to the target machine.

    • For Azure VMs, install the Log Analytics agent for Linux using the virtual machine extension for Linux. The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace using an Azure Resource Manager template or the Azure CLI. Once the agent is installed, the VM can be added to a Hybrid Runbook Worker group in your Automation account.

    • For non-Azure VMs, install the Log Analytics agent for Linux using the deployment options described in the Connect Linux computers to Azure Monitor article. You can repeat this process for multiple machines to add multiple workers to your environment. Once the agent is installed, the VMs can be added to a Hybrid Runbook Worker group in your Automation account.

    Note

    To manage the configuration of machines that support the Hybrid Runbook Worker role with Desired State Configuration (DSC), you must add the machines as DSC nodes.

    Note

    The nxautomation account with the corresponding sudo permissions must be present during installation of the Linux Hybrid Worker. If you try to install the worker and the account is not present or doesn’t have the appropriate permissions, the installation fails.

  2. Verify that the agent is reporting to the workspace.

    The Log Analytics agent for Linux connects machines to an Azure Monitor Log Analytics workspace. When you install the agent on your machine and connect it to your workspace, it automatically downloads the components that are required for the Hybrid Runbook Worker.

    When the agent has successfully connected to your Log Analytics workspace after a few minutes, you can run the following query to verify that it is sending heartbeat data to the workspace.

    Heartbeat 
    | where Category == "Direct Agent"
    | where TimeGenerated > ago(30m)
    

    In the search results, you should see heartbeat records for the machine, indicating that it is connected and reporting to the service. By default, every agent forwards a heartbeat record to its assigned workspace.

  3. Run the following command to add the machine to a Hybrid Runbook Worker group, specifying the values for the parameters -w, -k, -g, and -e.

    You can get the information required for parameters -k and -e from the Keys page in your Automation account. Select Keys under the Account settings section from the left-hand side of the page.

    (Screenshot: Manage Keys page)

    • For the -e parameter, copy the value for URL.

    • For the -k parameter, copy the value for PRIMARY ACCESS KEY.

    • For the -g parameter, specify the name of the Hybrid Runbook Worker group that the new Linux Hybrid Runbook worker should join. If this group already exists in the Automation account, the current machine is added to it. If this group doesn't exist, it is created with that name.

    • For the -w parameter, specify your Log Analytics workspace ID.

    sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/onboarding.py --register -w <logAnalyticsworkspaceId> -k <automationSharedKey> -g <hybridGroupName> -e <automationEndpoint>
    
  4. After the command is completed, the Hybrid Worker Groups page in your Automation account shows the new group and the number of members. If this is an existing group, the number of members is incremented. You can select the group from the list on the Hybrid Worker Groups page and select the Hybrid Workers tile. On the Hybrid Workers page, you see each member of the group listed.

    Note

    If you are using the Log Analytics virtual machine extension for Linux for an Azure VM, we recommend setting autoUpgradeMinorVersion to false as auto-upgrading versions can cause issues with the Hybrid Runbook Worker. To learn how to upgrade the extension manually, see Azure CLI deployment.
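
Step 3 as a wrapper, added here as an example (not Microsoft tooling; the function names are this example's own). It reads the workspace ID from the GUID-named folder under /var/opt/microsoft/omsagent, rejects an endpoint that is not an https URL, and prompts for the access key so the key is not typed into shell history.

```shell
#!/bin/sh
# Added example; function names are this example's own, not Microsoft tooling.
ONBOARDING=/opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/onboarding.py

# find_workspace_id [DIR] -> name of the GUID-named folder the agent creates.
find_workspace_id() {
    ls -1 "${1:-/var/opt/microsoft/omsagent}" 2>/dev/null |
        grep -iE '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' | head -n 1
}

# valid_endpoint URL -> success only for an https:// URL (the -e value).
valid_endpoint() {
    case $1 in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# register_worker GROUP ENDPOINT -> runs the onboarding command from step 3.
register_worker() {
    [ -n "$1" ] || { echo "usage: register_worker GROUP ENDPOINT" >&2; return 2; }
    valid_endpoint "$2" || { echo "endpoint must be the https URL from the Keys page" >&2; return 2; }
    wsid=$(find_workspace_id)
    [ -n "$wsid" ] || { echo "no workspace folder found; is the agent connected?" >&2; return 1; }
    # Prompt with echo off so the key stays out of shell history and scrollback.
    # It is still handed to onboarding.py with -k, the interface shown in step 3.
    printf 'PRIMARY ACCESS KEY: ' >&2
    stty -echo 2>/dev/null; IFS= read -r key; stty echo 2>/dev/null; echo >&2
    [ -n "$key" ] || { echo "empty key" >&2; return 2; }
    sudo python "$ONBOARDING" --register -w "$wsid" -k "$key" -g "$1" -e "$2"
}

if [ "${1:-}" = "--register" ]; then register_worker "${2:-}" "${3:-}"; fi
```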

Turn off signature validation

By default, Linux Hybrid Runbook Workers require signature validation. If you run an unsigned runbook against a worker, you see a Signature validation failed error. To turn off signature validation, run the following command. Replace the second parameter with your Log Analytics workspace ID.

    sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/require_runbook_signature.py --false <logAnalyticsworkspaceId>

Remove the Hybrid Runbook Worker from an on-premises Linux machine

You can use the command ls /var/opt/microsoft/omsagent on the Hybrid Runbook Worker to get the workspace ID. A folder is created that is named with the workspace ID.

    sudo python onboarding.py --deregister --endpoint="<URL>" --key="<PrimaryAccessKey>" --groupname="Example" --workspaceid="<workspaceId>"

Note

This script doesn't remove the Log Analytics agent for Linux from the machine. It only removes the functionality and configuration of the Hybrid Runbook Worker role.

Remove a Hybrid Worker group

To remove a Hybrid Runbook Worker group of Linux machines, you use the same steps as for a Windows hybrid worker group. See Remove a Hybrid Worker group.

Next steps