
Understanding and using the Azure Linux Agent

Note

Azure has two different deployment models for creating and working with resources: Resource Manager and classic. This article covers using both models, but Microsoft recommends that most new deployments use the Resource Manager model.

Introduction

The Microsoft Azure Linux Agent (waagent) manages Linux and FreeBSD provisioning, and VM interaction with the Azure Fabric Controller. It provides the following functionality for Linux and FreeBSD IaaS deployments:

Note

See the Azure Linux agent README for additional details.

  • Image Provisioning

    • Creation of a user account
    • Configuring SSH authentication types
    • Deployment of SSH public keys and key pairs
    • Setting the host name
    • Publishing the host name to the platform DNS
    • Reporting SSH host key fingerprint to the platform
  • Resource Disk Management

    • Formatting and mounting the resource disk
    • Configuring swap space
  • Networking

    • Manages routes to improve compatibility with platform DHCP servers
    • Ensures the stability of the network interface name
  • Kernel

    • Configures virtual NUMA (disable for kernel <2.6.37)
    • Consumes Hyper-V entropy for /dev/random
    • Configures SCSI timeouts for the root device (which could be remote)
  • Diagnostics

    • Console redirection to the serial port
  • SCVMM Deployments

    • Detects and bootstraps the VMM agent for Linux when running in a System Center Virtual Machine Manager 2012 R2 environment
  • VM Extension

Communication

The information flow from the platform to the agent occurs via two channels:

  • A boot-time attached DVD for IaaS deployments. This DVD includes an OVF-compliant configuration file that includes all provisioning information other than the actual SSH keypairs.
  • A TCP endpoint exposing a REST API used to obtain deployment and topology configuration.

Requirements

The following systems have been tested and are known to work with the Azure Linux Agent:

Note

This list may differ from the official list of supported systems on the Microsoft Azure Platform, as described here: http://support.microsoft.com/kb/2805216

  • CoreOS
  • CentOS 6.3+
  • Red Hat Enterprise Linux 6.7+
  • Debian 7.0+
  • Ubuntu 12.04+
  • openSUSE 12.3+
  • SLES 11 SP3+
  • Oracle Linux 6.4+

Other Supported Systems:

  • FreeBSD 10+ (Azure Linux Agent v2.0.10+)

The Linux agent depends on some system packages in order to function properly:

  • Python 2.6+
  • OpenSSL 1.0+
  • OpenSSH 5.3+
  • Filesystem utilities: sfdisk, fdisk, mkfs, parted
  • Password tools: chpasswd, sudo
  • Text processing tools: sed, grep
  • Network tools: ip-route
  • Kernel support for mounting UDF filesystems.

Installation

Installation using an RPM or a DEB package from your distribution's package repository is the preferred method of installing and upgrading the Azure Linux Agent. All the endorsed distribution providers integrate the Azure Linux agent package into their images and repositories.

Refer to the documentation in the Azure Linux Agent repo on GitHub for advanced installation options, such as installing from source or to custom locations or prefixes.

Command Line Options

Flags

  • verbose: Increase verbosity of specified command
  • force: Skip interactive confirmation for some commands

Commands

  • help: Lists the supported commands and flags.
  • deprovision: Attempt to clean the system and make it suitable for re-provisioning. This operation deletes the following:

    • All SSH host keys (if Provisioning.RegenerateSshHostKeyPair is 'y' in the configuration file)
    • Nameserver configuration in /etc/resolv.conf
    • Root password from /etc/shadow (if Provisioning.DeleteRootPassword is 'y' in the configuration file)
    • Cached DHCP client leases
    • Resets host name to localhost.localdomain

Warning

Deprovisioning does not guarantee that the image is cleared of all sensitive information and suitable for redistribution.

  • deprovision+user: Performs everything under -deprovision (above) and also deletes the last provisioned user account (obtained from /var/lib/waagent) and associated data. Use this parameter when de-provisioning an image that was previously provisioned on Azure so that it can be captured and re-used.
  • version: Displays the version of waagent
  • serialconsole: Configures GRUB to mark ttyS0 (the first serial port) as the boot console. This ensures that kernel bootup logs are sent to the serial port and made available for debugging.
  • daemon: Run waagent as a daemon to manage interaction with the platform. This argument is specified to waagent in the waagent init script.
  • start: Run waagent as a background process
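A check that follows from the deprovisioning warning above, as an added example (not part of the original page or of waagent): it inspects an image tree for the items deprovision is documented to delete and, as assumptions of this example, for user authorized_keys and shell history files. The function names are hypothetical and the sample tree is constructed.

```python
import glob, os, tempfile

def residue(root="/"):
    """Return (kind, path) findings for items `deprovision` is documented to
    delete, plus extra locations (assumptions of this example) it does not list."""
    p = lambda rel: os.path.join(root, rel)
    found = []
    # Listed on the page: SSH host keys, resolv.conf nameservers, root password.
    found += [("ssh-host-key", f) for f in sorted(glob.glob(p("etc/ssh/ssh_host_*key*")))]
    if os.path.exists(p("etc/resolv.conf")):
        with open(p("etc/resolv.conf")) as fh:
            if any(line.split()[:1] == ["nameserver"] for line in fh):
                found.append(("nameserver", p("etc/resolv.conf")))
    if os.path.exists(p("etc/shadow")):
        with open(p("etc/shadow")) as fh:
            for line in fh:
                fields = line.split(":")
                # A field starting with '$' is a crypt hash; '*' or '!' means locked.
                if fields[0] == "root" and len(fields) > 1 and fields[1].startswith("$"):
                    found.append(("root-password-hash", p("etc/shadow")))
    # Not listed on the page (assumed locations): user keys and shell history.
    for pat in ("home/*/.ssh/authorized_keys", "home/*/.bash_history", "root/.bash_history"):
        found += [("user-data", f) for f in sorted(glob.glob(p(pat)))]
    return found

def build_sample(root):
    """Create a constructed image tree with residue in four places."""
    files = {
        "etc/ssh/ssh_host_rsa_key.pub": "ssh-rsa CONSTRUCTED\n",
        "etc/resolv.conf": "nameserver 192.0.2.53\n",
        "etc/shadow": "root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::\n",
        "home/azureuser/.ssh/authorized_keys": "ssh-rsa CONSTRUCTED user\n",
    }
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for kind, path in residue(d):
            print(kind, os.path.relpath(path, d))
```

Point `residue()` at the mount point of a captured image, or at "/" on the VM before capture, and treat any finding as something to clear by hand.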

Configuration

A configuration file (/etc/waagent.conf) controls the actions of waagent. A sample configuration file is shown below:

Provisioning.Enabled=y
Provisioning.DeleteRootPassword=n
Provisioning.RegenerateSshHostKeyPair=y
Provisioning.SshHostKeyPairType=rsa
Provisioning.MonitorHostName=y
Provisioning.DecodeCustomData=n
Provisioning.ExecuteCustomData=n
Provisioning.AllowResetSysUser=n
Provisioning.PasswordCryptId=6
Provisioning.PasswordCryptSaltLength=10
ResourceDisk.Format=y
ResourceDisk.Filesystem=ext4
ResourceDisk.MountPoint=/mnt/resource
ResourceDisk.MountOptions=None
ResourceDisk.EnableSwap=n
ResourceDisk.SwapSizeMB=0
LBProbeResponder=y
Logs.Verbose=n
OS.RootDeviceScsiTimeout=300
OS.OpensslPath=None
HttpProxy.Host=None
HttpProxy.Port=None
AutoUpdate.Enabled=y

The various configuration options are described in detail below. Configuration options are of three types: Boolean, String or Integer. The Boolean configuration options can be specified as "y" or "n". The special keyword "None" may be used for some string type configuration entries as detailed below.

Provisioning.Enabled:
Type: Boolean
Default: y

This allows the user to enable or disable the provisioning functionality in the agent. Valid values are "y" or "n". If provisioning is disabled, SSH host and user keys in the image are preserved and any configuration specified in the Azure provisioning API is ignored.

Note

The Provisioning.Enabled parameter defaults to "n" on Ubuntu Cloud Images that use cloud-init for provisioning.

Provisioning.DeleteRootPassword:
Type: Boolean
Default: n

If set, the root password in the /etc/shadow file is erased during the provisioning process.

Provisioning.RegenerateSshHostKeyPair:
Type: Boolean
Default: y

If set, all SSH host key pairs (ecdsa, dsa and rsa) are deleted from /etc/ssh/ during the provisioning process, and a single fresh key pair is generated.

The encryption type for the fresh key pair is configurable by the Provisioning.SshHostKeyPairType entry. Note that some distributions will re-create SSH key pairs for any missing encryption types when the SSH daemon is restarted (for example, upon a reboot).

Provisioning.SshHostKeyPairType:
Type: String
Default: rsa

This can be set to an encryption algorithm type that is supported by the SSH daemon on the virtual machine. The typically supported values are "rsa", "dsa" and "ecdsa". Note that "putty.exe" on Windows does not support "ecdsa". So, if you intend to use putty.exe on Windows to connect to a Linux deployment, use "rsa" or "dsa".

Provisioning.MonitorHostName:
Type: Boolean
Default: y

If set, waagent will monitor the Linux virtual machine for hostname changes (as returned by the "hostname" command) and automatically update the networking configuration in the image to reflect the change. In order to push the name change to the DNS servers, networking will be restarted in the virtual machine. This will result in brief loss of Internet connectivity.

Provisioning.DecodeCustomData
Type: Boolean
Default: n

If set, waagent will decode CustomData from Base64.

Provisioning.ExecuteCustomData
Type: Boolean
Default: n

If set, waagent will execute CustomData after provisioning.

Provisioning.AllowResetSysUser
Type: Boolean
Default: n

This option allows the password for the sys user to be reset; default is disabled.

Provisioning.PasswordCryptId
Type: String
Default: 6

Algorithm used by crypt when generating password hash.
1 - MD5
2a - Blowfish
5 - SHA-256
6 - SHA-512

Provisioning.PasswordCryptSaltLength
Type: String
Default: 10

Length of random salt used when generating password hash.

ResourceDisk.Format:
Type: Boolean
Default: y

If set, the resource disk provided by the platform will be formatted and mounted by waagent if the filesystem type requested by the user in "ResourceDisk.Filesystem" is anything other than "ntfs". A single partition of type Linux (83) will be made available on the disk. Note that this partition will not be formatted if it can be successfully mounted.

ResourceDisk.Filesystem:
Type: String
Default: ext4

This specifies the filesystem type for the resource disk. Supported values vary by Linux distribution. If the string is X, then mkfs.X should be present on the Linux image. SLES 11 images should typically use 'ext3'. FreeBSD images should use 'ufs2' here.

ResourceDisk.MountPoint:
Type: String
Default: /mnt/resource

This specifies the path at which the resource disk is mounted. Note that the resource disk is a temporary disk, and might be emptied when the VM is deprovisioned.

ResourceDisk.MountOptions
Type: String
Default: None

Specifies disk mount options to be passed to the mount -o command. This is a comma separated list of values, ex. 'nodev,nosuid'. See mount(8) for details.

ResourceDisk.EnableSwap:
Type: Boolean
Default: n

If set, a swap file (/swapfile) is created on the resource disk and added to the system swap space.

ResourceDisk.SwapSizeMB:
Type: Integer
Default: 0

The size of the swap file in megabytes.

Logs.Verbose:
Type: Boolean
Default: n

If set, log verbosity is boosted. Waagent logs to /var/log/waagent.log and leverages the system logrotate functionality to rotate logs.

OS.EnableRDMA
Type: Boolean
Default: n

If set, the agent will attempt to install and then load an RDMA kernel driver that matches the version of the firmware on the underlying hardware.

OS.RootDeviceScsiTimeout:
Type: Integer
Default: 300

This configures the SCSI timeout in seconds on the OS disk and data drives. If not set, the system defaults are used.

OS.OpensslPath:
Type: String
Default: None

This can be used to specify an alternate path for the openssl binary to use for cryptographic operations.

HttpProxy.Host, HttpProxy.Port
Type: String
Default: None

If set, the agent will use this proxy server to access the internet.

AutoUpdate.Enabled
Type: Boolean
Default: y

Enable or disable auto-update for goal state processing; default is enabled.
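
An added example, not from the original page or the agent's code base: a parser for the Key=Value format of /etc/waagent.conf that applies the defaults documented above and flags security-relevant values. The review rules are this example's own policy, '#' comment handling is assumed, and the sample input is constructed.

```python
# Constructed sample (not from a real host): options from the page's sample
# file with several values changed to ones a reviewer would question.
SAMPLE_CONF = """\
Provisioning.DeleteRootPassword=n
Provisioning.RegenerateSshHostKeyPair=n
Provisioning.SshHostKeyPairType=dsa
Provisioning.ExecuteCustomData=y
Provisioning.PasswordCryptId=1
ResourceDisk.MountOptions=None
"""

# option -> (default documented on this page, predicate that is True for a
# questionable value, finding). The predicates are this example's review
# policy (an assumption), not Microsoft guidance.
RULES = {
    "Provisioning.DeleteRootPassword": ("n", lambda v: v != "y", "root password from the image is kept"),
    "Provisioning.RegenerateSshHostKeyPair": ("y", lambda v: v != "y", "image host keys are reused"),
    "Provisioning.SshHostKeyPairType": ("rsa", lambda v: v == "dsa", "DSA host key"),
    "Provisioning.ExecuteCustomData": ("n", lambda v: v == "y", "CustomData is executed after provisioning"),
    "Provisioning.AllowResetSysUser": ("n", lambda v: v == "y", "password reset allowed for the sys user"),
    "Provisioning.PasswordCryptId": ("6", lambda v: v == "1", "MD5 password hashes"),
    "ResourceDisk.MountOptions": ("None", lambda v: not {"nodev", "nosuid"} <= set(v.split(",")),
                                  "resource disk mounted without nodev,nosuid"),
}

def parse_conf(text):
    """Parse Key=Value lines, ignoring blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def audit(text):
    """Return (option, effective value, finding) for every rule that fires."""
    conf = parse_conf(text)
    findings = []
    for option, (default, questionable, finding) in RULES.items():
        value = conf.get(option, default)  # unset options fall back to the default
        if questionable(value):
            findings.append((option, value, finding))
    return findings

if __name__ == "__main__":
    for option, value, finding in audit(SAMPLE_CONF):
        print(f"{option}={value}: {finding}")
```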

Ubuntu Cloud Images

Note that Ubuntu Cloud Images utilize cloud-init to perform many configuration tasks that would otherwise be managed by the Azure Linux Agent. Please note the following differences:

  • Provisioning.Enabled defaults to "n" on Ubuntu Cloud Images that use cloud-init to perform provisioning tasks.
  • The following configuration parameters have no effect on Ubuntu Cloud Images that use cloud-init to manage the resource disk and swap space:

    • ResourceDisk.Format
    • ResourceDisk.Filesystem
    • ResourceDisk.MountPoint
    • ResourceDisk.EnableSwap
    • ResourceDisk.SwapSizeMB
  • Please see the following resources to configure the resource disk mount point and swap space on Ubuntu Cloud Images during provisioning: