Understanding and using the Azure Linux Agent

The Azure Linux Agent (waagent) manages Linux & FreeBSD provisioning, and VM interaction with the Azure Fabric Controller. In addition to the Linux Agent providing provisioning functionality, Azure also provides the option of using cloud-init for some Linux OSes. The Linux Agent provides the following functionality for Linux and FreeBSD IaaS deployments:

Note

For more information, see the README.

  • Image Provisioning

    • Creation of a user account
    • Configuring SSH authentication types
    • Deployment of SSH public keys and key pairs
    • Setting the host name
    • Publishing the host name to the platform DNS
    • Reporting SSH host key fingerprint to the platform
    • Resource Disk Management
    • Formatting and mounting the resource disk
    • Configuring swap space
  • Networking

    • Manages routes to improve compatibility with platform DHCP servers
    • Ensures the stability of the network interface name
  • Kernel

    • Configures virtual NUMA (disable for kernel <2.6.37)
    • Consumes Hyper-V entropy for /dev/random
    • Configures SCSI timeouts for the root device (which could be remote)
  • Diagnostics

    • Console redirection to the serial port
  • SCVMM Deployments

    • Detects and bootstraps the VMM agent for Linux when running in a System Center Virtual Machine Manager 2012 R2 environment
  • VM Extension

Communication

The information flow from the platform to the agent occurs via two channels:

  • A boot-time attached DVD for IaaS deployments. This DVD includes an OVF-compliant configuration file that includes all provisioning information other than the actual SSH keypairs.
  • A TCP endpoint exposing a REST API used to obtain deployment and topology configuration.

Requirements

The following systems have been tested and are known to work with the Azure Linux Agent:

Note

This list may differ from the official list of supported distros.

  • CoreOS
  • CentOS 6.3+
  • Debian 7.0+
  • Ubuntu 12.04+
  • openSUSE 12.3+
  • SLES 11 SP3+

Other Supported Systems:

  • FreeBSD 10+ (Azure Linux Agent v2.0.10+)

The Linux agent depends on some system packages in order to function properly:

  • Python 2.6+
  • OpenSSL 1.0+
  • OpenSSH 5.3+
  • Filesystem utilities: sfdisk, fdisk, mkfs, parted
  • Password tools: chpasswd, sudo
  • Text processing tools: sed, grep
  • Network tools: ip-route
  • Kernel support for mounting UDF filesystems.

Ensure your VM has access to IP address 168.63.129.16. For more information, see What is IP address 168.63.129.16.

Installation

Installation using an RPM or a DEB package from your distribution's package repository is the preferred method of installing and upgrading the Azure Linux Agent. All the endorsed distribution providers integrate the Azure Linux agent package into their images and repositories.

Refer to the documentation in the Azure Linux Agent repo on GitHub for advanced installation options, such as installing from source or to custom locations or prefixes.

Command-Line Options

Flags

  • verbose: Increase verbosity of specified command
  • force: Skip interactive confirmation for some commands

Commands

  • help: Lists the supported commands and flags.

  • deprovision: Attempt to clean the system and make it suitable for reprovisioning. This operation deletes the following:

    • All SSH host keys (if Provisioning.RegenerateSshHostKeyPair is 'y' in the configuration file)
    • Nameserver configuration in /etc/resolv.conf
    • Root password from /etc/shadow (if Provisioning.DeleteRootPassword is 'y' in the configuration file)
    • Cached DHCP client leases
    • Resets host name to localhost.localdomain

Warning

Deprovisioning does not guarantee that the image is cleared of all sensitive information and suitable for redistribution.

  • deprovision+user: Performs everything in -deprovision (above) and also deletes the last provisioned user account (obtained from /var/lib/waagent) and associated data. Use this parameter when deprovisioning an image that was previously provisioned on Azure so that it can be captured and reused.

  • version: Displays the version of waagent

  • daemon: Run waagent as a daemon to manage interaction with the platform. This argument is specified to waagent in the waagent init script.

  • start: Run waagent as a background process
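
A pre-capture check for the items the deprovision command is documented above to delete, given the warning that deprovisioning does not guarantee a clean image. This is an added example, not part of the Azure Linux Agent; the function name, the DHCP lease directories, /etc/hostname and the "$" password-hash test are assumptions that vary by distribution.

```python
import glob
import os

# Assumed lease locations; the page does not name them and they differ by distribution.
LEASE_DIRS = ("var/lib/dhcp", "var/lib/dhclient")

def _read(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def deprovision_residue(root="/", regenerate_host_keys=True, delete_root_password=False):
    """List what is still present of the items deprovision is documented to delete."""
    findings = []
    # Host keys are only removed when Provisioning.RegenerateSshHostKeyPair is 'y'.
    if regenerate_host_keys:
        keys = glob.glob(os.path.join(root, "etc/ssh/ssh_host_*key*"))
        if keys:
            findings.append("SSH host keys present: %d file(s)" % len(keys))
    resolv = _read(os.path.join(root, "etc/resolv.conf"))
    if any(l.strip().startswith("nameserver") for l in resolv.splitlines()):
        findings.append("resolv.conf still has a nameserver entry")
    # The root password is only removed when Provisioning.DeleteRootPassword is 'y'.
    if delete_root_password:
        for line in _read(os.path.join(root, "etc/shadow")).splitlines():
            fields = line.split(":")
            if fields[0] == "root" and len(fields) > 1 and fields[1].startswith("$"):
                findings.append("root still has a password hash in /etc/shadow")
    for d in LEASE_DIRS:
        if glob.glob(os.path.join(root, d, "*lease*")):
            findings.append("cached DHCP leases in /%s" % d)
    hostname = _read(os.path.join(root, "etc/hostname")).strip()
    if hostname and hostname != "localhost.localdomain":
        findings.append("host name not reset: %s" % hostname)
    return findings

if __name__ == "__main__":
    for finding in deprovision_residue():
        print(finding)
```

An empty result covers only the items listed above; user home directories, shell history, logs and application secrets are outside what deprovision touches and need their own review before an image is shared.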

Configuration

A configuration file (/etc/waagent.conf) controls the actions of waagent. The following shows a sample configuration file:

Provisioning.Enabled=y
Provisioning.DeleteRootPassword=n
Provisioning.RegenerateSshHostKeyPair=y
Provisioning.SshHostKeyPairType=rsa
Provisioning.MonitorHostName=y
Provisioning.DecodeCustomData=n
Provisioning.ExecuteCustomData=n
Provisioning.AllowResetSysUser=n
Provisioning.PasswordCryptId=6
Provisioning.PasswordCryptSaltLength=10
ResourceDisk.Format=y
ResourceDisk.Filesystem=ext4
ResourceDisk.MountPoint=/mnt/resource
ResourceDisk.MountOptions=None
ResourceDisk.EnableSwap=n
ResourceDisk.SwapSizeMB=0
LBProbeResponder=y
Logs.Verbose=n
OS.RootDeviceScsiTimeout=300
OS.OpensslPath=None
HttpProxy.Host=None
HttpProxy.Port=None
AutoUpdate.Enabled=y

The various configuration options are described below. Configuration options are of three types: Boolean, String, or Integer. The Boolean configuration options can be specified as "y" or "n". The special keyword "None" may be used for some string type configuration entries, as detailed below:

Provisioning.Enabled:

Type: Boolean  
Default: y

This allows the user to enable or disable the provisioning functionality in the agent. Valid values are "y" or "n". If provisioning is disabled, SSH host and user keys in the image are preserved and any configuration specified in the Azure provisioning API is ignored.

Note

The Provisioning.Enabled parameter defaults to "n" on Ubuntu Cloud Images that use cloud-init for provisioning.

Provisioning.DeleteRootPassword:

Type: Boolean  
Default: n

If set, the root password in the /etc/shadow file is erased during the provisioning process.

Provisioning.RegenerateSshHostKeyPair:

Type: Boolean  
Default: y

If set, all SSH host key pairs (ecdsa, dsa, and rsa) are deleted from /etc/ssh/ during the provisioning process, and a single fresh key pair is generated.

The encryption type for the fresh key pair is configurable by the Provisioning.SshHostKeyPairType entry. Some distributions re-create SSH key pairs for any missing encryption types when the SSH daemon is restarted (for example, upon a reboot).

Provisioning.SshHostKeyPairType:

Type: String  
Default: rsa

This can be set to an encryption algorithm type that is supported by the SSH daemon on the virtual machine. The typically supported values are "rsa", "dsa" and "ecdsa". "putty.exe" on Windows does not support "ecdsa". So, if you intend to use putty.exe on Windows to connect to a Linux deployment, use "rsa" or "dsa".

Provisioning.MonitorHostName:

Type: Boolean  
Default: y

If set, waagent monitors the Linux virtual machine for hostname changes (as returned by the "hostname" command) and automatically updates the networking configuration in the image to reflect the change. In order to push the name change to the DNS servers, networking is restarted in the virtual machine. This results in a brief loss of Internet connectivity.

Provisioning.DecodeCustomData

Type: Boolean  
Default: n

If set, waagent decodes CustomData from Base64.

Provisioning.ExecuteCustomData

Type: Boolean  
Default: n

If set, waagent executes CustomData after provisioning.

Provisioning.AllowResetSysUser

Type: Boolean
Default: n

This option allows the password for the sys user to be reset; default is disabled.

Provisioning.PasswordCryptId

Type: String  
Default: 6

Algorithm used by crypt when generating password hash.
1 - MD5
2a - Blowfish
5 - SHA-256
6 - SHA-512

Provisioning.PasswordCryptSaltLength

Type: String  
Default: 10

Length of random salt used when generating password hash.

ResourceDisk.Format:

Type: Boolean  
Default: y

If set, the resource disk provided by the platform is formatted and mounted by waagent if the filesystem type requested by the user in "ResourceDisk.Filesystem" is anything other than "ntfs". A single partition of type Linux (83) is made available on the disk. This partition is not formatted if it can be successfully mounted.

ResourceDisk.Filesystem:

Type: String  
Default: ext4

This specifies the filesystem type for the resource disk. Supported values vary by Linux distribution. If the string is X, then mkfs.X should be present on the Linux image. SLES 11 images should typically use 'ext3'. FreeBSD images should use 'ufs2' here.

ResourceDisk.MountPoint:

Type: String  
Default: /mnt/resource 

This specifies the path at which the resource disk is mounted. The resource disk is a temporary disk, and might be emptied when the VM is deprovisioned.

ResourceDisk.MountOptions

Type: String  
Default: None

Specifies disk mount options to be passed to the mount -o command. This is a comma-separated list of values, for example 'nodev,nosuid'. See mount(8) for details.

ResourceDisk.EnableSwap:

Type: Boolean  
Default: n

If set, a swap file (/swapfile) is created on the resource disk and added to the system swap space.

ResourceDisk.SwapSizeMB:

Type: Integer  
Default: 0

The size of the swap file in megabytes.

Logs.Verbose:

Type: Boolean  
Default: n

If set, log verbosity is boosted. Waagent logs to /var/log/waagent.log and utilizes the system logrotate functionality to rotate logs.

OS.EnableRDMA

Type: Boolean  
Default: n

If set, the agent attempts to install and then load an RDMA kernel driver that matches the version of the firmware on the underlying hardware.

OS.RootDeviceScsiTimeout:

Type: Integer  
Default: 300

This setting configures the SCSI timeout in seconds on the OS disk and data drives. If not set, the system defaults are used.

OS.OpensslPath:

Type: String  
Default: None

This setting can be used to specify an alternate path for the openssl binary to use for cryptographic operations.

HttpProxy.Host, HttpProxy.Port

Type: String  
Default: None

If set, the agent uses this proxy server to access the internet.

AutoUpdate.Enabled

Type: Boolean
Default: y

Enable or disable auto-update for goal state processing; default is enabled.
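
One way to review /etc/waagent.conf against the option descriptions above, as an added example rather than code from the agent. The function names are hypothetical, the parser assumes '#' starts a comment and maps "None" to no value, and the list of settings to flag is this example's own choice.

```python
# Defaults as given in the option descriptions on this page.
DEFAULTS = {
    "Provisioning.DeleteRootPassword": "n",
    "Provisioning.RegenerateSshHostKeyPair": "y",
    "Provisioning.SshHostKeyPairType": "rsa",
    "Provisioning.ExecuteCustomData": "n",
    "Provisioning.PasswordCryptId": "6",
    "ResourceDisk.MountOptions": None,
}

# (option, value that triggers the note, note); the selection is an assumption of this example.
CHECKS = [
    ("Provisioning.DeleteRootPassword", "n", "root password in the image's /etc/shadow is kept"),
    ("Provisioning.RegenerateSshHostKeyPair", "n", "SSH host keys from the image are kept"),
    ("Provisioning.SshHostKeyPairType", "dsa", "DSA host keys are deprecated in OpenSSH"),
    ("Provisioning.ExecuteCustomData", "y", "CustomData is executed after provisioning"),
    ("Provisioning.PasswordCryptId", "1", "password hashes use MD5 crypt"),
    ("ResourceDisk.MountOptions", None, "resource disk mounted without options such as nodev,nosuid"),
]

def parse_waagent_conf(text):
    """Parse Key=Value lines over the defaults; '#' comments are dropped, "None" becomes None."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip().strip('"')
        conf[key.strip()] = None if value == "None" else value
    return conf

def review(conf):
    """Return (option, value, note) for every check whose trigger value is in effect."""
    return [(k, conf.get(k), note) for k, trigger, note in CHECKS if conf.get(k) == trigger]

# Constructed sample for the example, not a recommended configuration.
SAMPLE = """\
Provisioning.DeleteRootPassword=n
Provisioning.SshHostKeyPairType=dsa   # legacy client requirement
Provisioning.ExecuteCustomData=y
Provisioning.PasswordCryptId=1
ResourceDisk.MountOptions=nodev,nosuid
"""

if __name__ == "__main__":
    for option, value, note in review(parse_waagent_conf(SAMPLE)):
        print("%s=%s: %s" % (option, value, note))
```

Run against the sample configuration file shown earlier on this page, the same review reports Provisioning.DeleteRootPassword=n and ResourceDisk.MountOptions=None.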

Ubuntu Cloud Images

Ubuntu Cloud Images utilize cloud-init to perform many configuration tasks that would otherwise be managed by the Azure Linux Agent. The following differences apply:

  • Provisioning.Enabled defaults to "n" on Ubuntu Cloud Images that use cloud-init to perform provisioning tasks.

  • The following configuration parameters have no effect on Ubuntu Cloud Images that use cloud-init to manage the resource disk and swap space:

    • ResourceDisk.Format
    • ResourceDisk.Filesystem
    • ResourceDisk.MountPoint
    • ResourceDisk.EnableSwap
    • ResourceDisk.SwapSizeMB
  • For more information, see the following resources to configure the resource disk mount point and swap space on Ubuntu Cloud Images during provisioning: