适用于 Linux 的虚拟机扩展和功能Virtual machine extensions and features for Linux

Azure 虚拟机 (VM) 扩展是小型应用程序,可在 Azure VM 上提供部署后配置和自动化任务。Azure virtual machine (VM) extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. 例如,如果某个虚拟机需要安装软件、防病毒保护或运行脚本,便可以使用 VM 扩展。For example, if a virtual machine requires software installation, anti-virus protection, or to run a script inside of it, a VM extension can be used. 可以使用 Azure CLI、PowerShell、Azure 资源管理器模板和 Azure 门户运行 Azure VM 扩展。Azure VM extensions can be run with the Azure CLI, PowerShell, Azure Resource Manager templates, and the Azure portal. 扩展可与新 VM 部署捆绑在一起,也可以针对任何现有系统运行。Extensions can be bundled with a new VM deployment, or run against any existing system.

本文提供 VM 扩展的概述、使用 Azure VM 扩展的先决条件,以及有关如何检测、管理和删除 VM 扩展的指导。This article provides an overview of VM extensions, prerequisites for using Azure VM extensions, and guidance on how to detect, manage, and remove VM extensions. 本文提供的是概况信息,因为有许多 VM 扩展可用,每个扩展可能具有独特的配置。This article provides generalized information because many VM extensions are available, each with a potentially unique configuration. 可以在各个扩展特定的各个文档中找到扩展特定的详细信息。Extension-specific details can be found in each document specific to the individual extension.

用例和示例Use cases and samples

有许多不同的 Azure VM 扩展可用,每个都有特定用例。Several different Azure VM extensions are available, each with a specific use case. 示例包括:Some examples include:

  • 使用适用于 Linux 的 DSC 扩展将 PowerShell 所需状态配置应用到 VM。Apply PowerShell Desired State configurations to a VM with the DSC extension for Linux. 有关详细信息,请参阅 Azure 所需状态配置扩展For more information, see Azure Desired State configuration extension.
  • 使用 Azure Monitoring Agent VM 扩展配置 VM 监视功能。Configure monitoring of a VM with the Azure Monitoring Agent VM extension. 有关详细信息,请参阅如何监视 Linux VMFor more information, see How to monitor a Linux VM.
  • 使用 Chef 或 Datadog 扩展配置 Azure 基础结构监视功能。Configure monitoring of your Azure infrastructure with the Chef or Datadog extension. 有关详细信息,请参阅 Chef 文档Datadog 博客For more information, see the Chef docs or Datadog blog.

除了进程特定的扩展外,“自定义脚本”扩展也可用于 Windows 和 Linux 虚拟机。In addition to process-specific extensions, a Custom Script extension is available for both Windows and Linux virtual machines. 适用于 Linux 的“自定义脚本”扩展允许在 VM 上运行任何 Bash 脚本。The Custom Script extension for Linux allows any Bash script to be run on a VM. 在设计需要本机 Azure 工具无法提供的配置的 Azure 部署时,自定义脚本很有用。Custom scripts are useful for designing Azure deployments that require configuration beyond what native Azure tooling can provide. 有关详细信息,请参阅 Linux VM Custom Script extension(Linux VM“自定义脚本”扩展)。For more information, see Linux VM Custom Script extension.

必备条件Prerequisites

若要处理 VM 上的扩展,需要安装 Azure Linux 代理。To handle the extension on the VM, you need the Azure Linux Agent installed. 有些单独的扩展附带先决条件,例如,有权访问资源或依赖项。Some individual extensions have prerequisites, such as access to resources or dependencies.

Azure VM 代理Azure VM agent

Azure VM 代理可管理 Azure VM 与 Azure 结构控制器之间的交互。The Azure VM agent manages interactions between an Azure VM and the Azure fabric controller. VM 代理负责部署和管理 Azure VM 的许多功能层面,包括运行 VM 扩展。The VM agent is responsible for many functional aspects of deploying and managing Azure VMs, including running VM extensions. Azure VM 代理预先安装在 Azure 市场映像上,并可手动安装在受支持的操作系统上。The Azure VM agent is preinstalled on Azure Marketplace images, and can be installed manually on supported operating systems. 适用于 Linux 的 Azure VM 代理称为 Linux 代理。The Azure VM Agent for Linux is known as the Linux agent.

有关受支持的操作系统以及安装说明的信息,请参阅 Azure virtual machine agent(Azure 虚拟机代理)。For information on supported operating systems and installation instructions, see Azure virtual machine agent.

支持的代理版本Supported agent versions

为了尽量提供最佳体验,我们提供了精简版本的代理。In order to provide the best possible experience, there are minimum versions of the agent. 有关详细信息,请参阅此文章For more information, see this article.

支持的 OSSupported OSes

Linux 代理在多个 OS 上运行,但是,扩展框架对扩展的 OS 施加限制。The Linux agent runs on multiple OSes, however the extensions framework has a limit for the OSes that extensions. 有关详细信息,请参阅此文章For more information, see this article.

某些扩展并非在所有 OS 上均受支持,可能会发出错误代码 51“不受支持的 OS” 。Some extensions are not supported across all OSes and may emit Error Code 51, 'Unsupported OS'. 请查看相应的扩展文档来了解支持情况。Check the individual extension documentation for supportability.

网络访问Network access

从 Azure 存储扩展存储库下载扩展包,将扩展状态上传内容发布到 Azure 存储。Extension packages are downloaded from the Azure Storage extension repository, and extension status uploads are posted to Azure Storage. 如果使用受支持版本的代理,则不需要允许对 VM 区域中 Azure 存储的访问,因为可以使用代理将通信重定向到 Azure 结构控制器,以进行代理通信。If you use supported version of the agents, you do not need to allow access to Azure Storage in the VM region, as can use the agent to redirect the communication to the Azure fabric controller for agent communications. 如果使用不受支持的代理版本,则需要允许从 VM 对该区域中 Azure 存储的出站访问。If you are on a non-supported version of the agent, you need to allow outbound access to Azure storage in that region from the VM.

重要

如果已使用来宾防火墙阻止对 168.63.129.16 的访问,则不管采用上述哪种方法,扩展都会失败 。If you have blocked access to 168.63.129.16 using the guest firewall, then extensions fail irrespective of the above.

代理只可用于下载扩展包和报告状态。Agents can only be used to download extension packages and reporting status. 例如,如果扩展安装需要从 GitHub 下载脚本(自定义脚本),或需要访问 Azure 存储(Azure 备份),则需要打开其他防火墙/网络安全组端口。For example, if an extension install needs to download a script from GitHub (Custom Script) or needs access to Azure Storage (Azure Backup), then additional firewall/Network Security Group ports need to be opened. 不同的扩展具有不同的要求,因为它们本身就是应用程序。Different extensions have different requirements, since they are applications in their own right. 对于需要访问 Azure 存储的扩展,可以使用存储的 Azure NSG 服务标记来允许访问。For extensions that require access to Azure Storage, you can allow access using Azure NSG Service Tags for Storage.

为了重定向代理流量请求,Linux 代理有代理服务器支持。To redirect agent traffic requests, the Linux Agent has proxy server support. 但是,此代理服务器支持不应用扩展。However, this proxy server support does not apply extensions. 必须配置每个单独的扩展来使用代理。You must configure each individual extension to work with a proxy.

发现 VM 扩展Discover VM extensions

有许多不同的 VM 扩展可与 Azure VM 配合使用。Many different VM extensions are available for use with Azure VMs. 若要查看完整列表,请使用 az vm extension image listTo see a complete list, use az vm extension image list. 以下示例列出“chinanorth”位置的所有可用扩展 :The following example lists all available extensions in the chinanorth location:

az vm extension image list --location chinanorth --output table

运行 VM 扩展Run VM extensions

Azure VM 扩展在现有 VM 上运行,需要在已部署的 VM 上进行配置更改或恢复连接时,这很有用。Azure VM extensions run on existing VMs, which is useful when you need to make configuration changes or recover connectivity on an already deployed VM. VM 扩展还可以与 Azure 资源管理器模板部署捆绑。VM extensions can also be bundled with Azure Resource Manager template deployments. 可将扩展与资源管理器模板配合使用来部署并配置 Azure VM,在部署后无需干预。By using extensions with Resource Manager templates, Azure VMs can be deployed and configured without post-deployment intervention.

可使用以下方法针对现有 VM 运行扩展。The following methods can be used to run an extension against an existing VM.

Azure CLIAzure CLI

Azure VM 扩展可以通过 az vm extension set 命令针对现有 VM 运行。Azure VM extensions can be run against an existing VM with the az vm extension set command. 下面的示例针对名为 myResourceGroup 的资源组中名为 myVM 的 VM 运行自定义脚本扩展 。The following example runs the Custom Script extension against a VM named myVM in a resource group named myResourceGroup. 将示例资源组名称、VM 名称和要运行的脚本 (https://raw.githubusercontent.com/me/project/hello.sh) 替换为你自己的信息。Replace the example resource group name, VM name and script to run (https://raw.githubusercontent.com/me/project/hello.sh) with your own information.

az vm extension set `
  --resource-group myResourceGroup `
  --vm-name myVM `
  --name customScript `
  --publisher Microsoft.Azure.Extensions `
  --settings '{"fileUris": ["https://raw.githubusercontent.com/me/project/hello.sh"],"commandToExecute": "./hello.sh"}'

扩展正确运行时,输出类似于以下示例:When the extension runs correctly, the output is similar to the following example:

info:    Executing command vm extension set
+ Looking up the VM "myVM"
+ Installing extension "CustomScript", VM: "mvVM"
info:    vm extension set command OK

Azure 门户Azure portal

可通过 Azure 门户将 VM 扩展应用到现有 VM。VM extensions can be applied to an existing VM through the Azure portal. 在门户中,依次选择该 VM、“扩展”、“添加” 。Select the VM in the portal, choose Extensions, then select Add. 从可用扩展的列表中选择所需扩展,并按向导中的说明操作。Choose the extension you want from the list of available extensions and follow the instructions in the wizard.

下图展示了如何从 Azure 门户安装 Linux 自定义脚本扩展:The following image shows the installation of the Linux Custom Script extension from the Azure portal:

安装自定义脚本扩展

Azure Resource Manager 模板Azure Resource Manager templates

VM 扩展可添加到 Azure Resource Manager 模板,并在部署模板的过程中执行。VM extensions can be added to an Azure Resource Manager template and executed with the deployment of the template. 使用模板部署扩展时,可以创建完全配置的 Azure 部署。When you deploy an extension with a template, you can create fully configured Azure deployments. 例如,以下 JSON 取自一个资源管理器模板,该模板会在每个 VM 上部署一组负载均衡的 VM、一个 Azure SQL 数据库,然后安装一个 .NET Core 应用程序。For example, the following JSON is taken from a Resource Manager template that deploys a set of load-balanced VMs and Azure SQL Database, then installs a .NET Core application on each VM. VM 扩展负责安装软件。The VM extension takes care of the software installation.

有关详细信息,请参阅完整的 Resource Manager 模板For more information, see the full Resource Manager template.

{
    "apiVersion": "2015-06-15",
    "type": "extensions",
    "name": "config-app",
    "location": "[resourceGroup().location]",
    "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', concat(variables('vmName'),copyindex()))]"
    ],
    "tags": {
    "displayName": "config-app"
    },
    "properties": {
    "publisher": "Microsoft.Azure.Extensions",
    "type": "CustomScript",
    "typeHandlerVersion": "2.0",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-linux/scripts/config-music.sh"
        ]
    },
    "protectedSettings": {
        "commandToExecute": "[concat('sudo sh config-music.sh ',variables('musicStoreSqlName'), ' ', parameters('adminUsername'), ' ', parameters('sqlAdminPassword'))]"
    }
    }
}

有关创建资源管理器模板的详细信息,请参阅创作 Azure 资源管理器模板For more information on creating Resource Manager templates, see Authoring Azure Resource Manager templates.

保护 VM 扩展数据Secure VM extension data

运行 VM 扩展时,可能需要包括敏感信息,例如凭据、存储帐户名称和存储帐户访问密钥。When you run a VM extension, it may be necessary to include sensitive information such as credentials, storage account names, and storage account access keys. 许多 VM 扩展包括受保护的配置,该配置对数据进行加密并且仅在目标 VM 内才对数据进行解密。Many VM extensions include a protected configuration that encrypts data and only decrypts it inside the target VM. 每个扩展都有特定的受保护配置架构,会在特定于扩展的文档中详细介绍每个配置架构。Each extension has a specific protected configuration schema, and each is detailed in extension-specific documentation.

以下示例显示了适用于 Linux 的自定义脚本扩展的一个实例。The following example shows an instance of the Custom Script extension for Linux. 要执行的命令包含一组凭据。The command to execute includes a set of credentials. 在此示例中,不会加密要执行的命令:In this example, the command to execute is not encrypted:

{
  "apiVersion": "2015-06-15",
  "type": "extensions",
  "name": "config-app",
  "location": "[resourceGroup().location]",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', concat(variables('vmName'),copyindex()))]"
  ],
  "tags": {
    "displayName": "config-app"
  },
  "properties": {
    "publisher": "Microsoft.Azure.Extensions",
    "type": "CustomScript",
    "typeHandlerVersion": "2.0",
    "autoUpgradeMinorVersion": true,
    "settings": {
      "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-linux/scripts/config-music.sh"
      ],
      "commandToExecute": "[concat('sudo sh config-music.sh ',variables('musicStoreSqlName'), ' ', parameters('adminUsername'), ' ', parameters('sqlAdminPassword'))]"
    }
  }
}

将“要执行的命令”属性移到“受保护的”配置可以保护执行字符串,如以下示例中所示 :Moving the command to execute property to the protected configuration secures the execution string, as shown in the following example:

{
  "apiVersion": "2015-06-15",
  "type": "extensions",
  "name": "config-app",
  "location": "[resourceGroup().location]",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', concat(variables('vmName'),copyindex()))]"
  ],
  "tags": {
    "displayName": "config-app"
  },
  "properties": {
    "publisher": "Microsoft.Azure.Extensions",
    "type": "CustomScript",
    "typeHandlerVersion": "2.0",
    "autoUpgradeMinorVersion": true,
    "settings": {
      "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-linux/scripts/config-music.sh"
      ]
    },
    "protectedSettings": {
      "commandToExecute": "[concat('sudo sh config-music.sh ',variables('musicStoreSqlName'), ' ', parameters('adminUsername'), ' ', parameters('sqlAdminPassword'))]"
    }
  }
}

如何更新代理和扩展?How do agents and extensions get updated?

代理和扩展使用相同的更新机制。The Agents and Extensions share the same update mechanism. 某些更新不需要附加的防火墙规则。Some updates do not require additional firewall rules.

如果有更新可用,仅当发生了扩展更改或其他 VM 模型更改时,才会在 VM 上安装该项更新:When an update is available, it is only installed on the VM when there is a change to extensions, and other VM Model changes such as:

  • 数据磁盘数Data disks
  • 扩展Extensions
  • 启动诊断容器Boot diagnostics container
  • 来宾 OS 机密Guest OS secrets
  • VM 大小VM size
  • 网络配置文件Network profile

发布者在不同的时间向不同的区域推出更新,因此,不同区域中的 VM 可能使用不同的版本。Publishers make updates available to regions at different times, so it is possible you can have VMs in different regions on different versions.

代理更新Agent updates

Linux VM 代理将预配代理代码和扩展处理代码包含在一个包中,不能分开 。The Linux VM Agent contains Provisioning Agent Code and Extension Handling code in one package, which cannot be separated. 如果要使用 cloud-init 在 Azure 上预配,可以禁用预配代理**。You can disable the Provisioning Agent when you want to provision on Azure using cloud-init. 若要执行此操作,请参阅使用 cloud-initTo do this, see using cloud-init.

代理的受支持版本可以使用自动更新。Supported versions of the Agents can use automatic updates. 唯一可以更新的代码是扩展处理代码,不是预配代码**。The only code that can be updated is the Extension Handling code, not the provisioning code. 预配代理代码是一次性运行的代码**。The Provisioning Agent code is run-once code.

扩展处理代码负责与 Azure 结构通信,并处理各种 VM 扩展操作,例如安装、报告状态、更新单个扩展,以及删除扩展 。The Extension Handling code is responsible for communicating with the Azure fabric, and handling the VM extensions operations such as installs, reporting status, updating the individual extensions, and removing them. 更新包含扩展处理代码的安全修复程序、bug 修复程序和增强功能 。Updates contain security fixes, bug fixes, and enhancements to the Extension Handling code.

安装代理时,创建父守护程序。When the agent is installed, a parent daemon is created. 然后,此父进程生成一个用于处理扩展的子进程。This parent then spawns a child process that is used to handle extensions. 如果有可用的代理更新,下载它,父进程停止子进程,升级它,然后重启它。If an update is available for the agent, it is downloaded, the parent stops the child process, upgrades it, then restarts it. 如果存在更新问题,父进程回滚到以前的子版本。Should there be a problem with the update, the parent process rolls back to the previous child version.

父进程不能自动更新。The parent process cannot be auto updated. 仅可通过发行版包更新来更新父进程。The parent can only be updated by a distro package update.

若要查看运行的版本,请查看 waagent,如下所示:To check what version you are running, check the waagent as follows:

waagent --version

输出类似于以下示例:The output is similar to the following example:

WALinuxAgent-2.2.17 running on ubuntu 16.04
Python: 3.5.2
Goal state agent: 2.2.18

在前面的示例输出中,父级或“部署包的版本”是 WALinuxAgent-2.2.17**In the preceding example output, the parent or 'package deployed version' is WALinuxAgent-2.2.17

“目标状态代理”是自动更新版本。The 'Goal state agent' is the auto update version.

强烈建议始终自动更新代理,AutoUpdate.Enabled=yIt is highly recommended that you always have auto update for the agent, AutoUpdate.Enabled=y. 如果不启用它,则需要始终手动更新代理,且不会获得 bug 和安全修补程序。Not having this enabled means you need to keep manually updating the agent, and not get bug and security fixes.

扩展更新Extension updates

有扩展更新可用时,Linux 代理会下载并升级扩展。When an extension update is available, the Linux Agent downloads and upgrades the extension. 自动扩展更新以次要版本或修补程序的形式提供 。Automatic extension updates are either Minor or Hotfix. 预配扩展时,可以选择安装或不安装扩展的次要版本更新 。You can opt in or opt out of extensions Minor updates when you provision the extension. 以下示例演示如何在资源管理器模板中使用 autoUpgradeMinorVersion": true,' 自动升级次要版本 :The following example shows how to automatically upgrade minor versions in a Resource Manager template with autoUpgradeMinorVersion": true,':

    "publisher": "Microsoft.Azure.Extensions",
    "type": "CustomScript",
    "typeHandlerVersion": "2.0",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-linux/scripts/config-music.sh"
        ]
    },

若要获取最新的次要版本 bug 修复,我们强烈建议始终在扩展部署中选择自动更新。To get the latest minor release bug fixes, it is highly recommended that you always select auto update in your extension deployments. 无法选择不安装包含安全或关键 bug 修复的修补程序更新。Hotfix updates that carry security or key bug fixes cannot be opted out.

如何识别扩展更新How to identify extension updates

在 VM 上使用 autoUpgradeMinorVersion 识别是否设置了扩展Identifying if the extension is set with autoUpgradeMinorVersion on a VM

如果使用“autoUpgradeMinorVersion”预配了扩展,则可以从 VM 模型查看信息。You can see from the VM model if the extension was provisioned with 'autoUpgradeMinorVersion'. 若要检查,请使用 az vm show 并提供资源组和 VM 名称,如下所示:To check, use az vm show and provide the resource group and VM name as follows:

az vm show --resource-group myResourceGroup --name myVM

以下示例输出显示 autoUpgradeMinorVersion 设置为 true :The following example output shows that autoUpgradeMinorVersion is set to true:

  "resources": [
    {
      "autoUpgradeMinorVersion": true,
      "forceUpdateTag": null,
      "id": "/subscriptions/guid/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM/extensions/CustomScriptExtension",

识别何时执行了 autoUpgradeMinorVersionIdentifying when an autoUpgradeMinorVersion occurred

若要查看何时对扩展执行了更新,请查看 VM 上的代理日志,路径为 /var/log/waagent.log**。To see when an update to the extension occurred, review the agent logs on the VM at /var/log/waagent.log.

在下面的示例中,VM 安装 Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9025**。In the example below, the VM had Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9025 installed. 修补程序适用于 Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027**:A hotfix was available to Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027:

INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Expected handler state: enabled
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Decide which version to use
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Use version: 2.3.9027
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Current handler state is: NotInstalled
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Download extension package
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Unpack extension package
INFO Event: name=Microsoft.OSTCExtensions.LinuxDiagnostic, op=Download, message=Download succeeded
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Initialize extension directory
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Update settings file: 0.settings
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9025] Disable extension.
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9025] Launch command:diagnostic.py -disable
...
INFO Event: name=Microsoft.OSTCExtensions.LinuxDiagnostic, op=Disable, message=Launch command succeeded: diagnostic.py -disable
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Update extension.
INFO [Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027] Launch command:diagnostic.py -update
2017/08/14 20:21:57 LinuxAzureDiagnostic started to handle.

代理权限Agent permissions

若要执行任务,代理需要作为根运行**。To perform its tasks, the agent needs to run as root.

排查 VM 扩展的问题Troubleshoot VM extensions

每个 VM 扩展都有特定于扩展的故障排除步骤。Each VM extension may have troubleshooting steps specific to the extension. 例如,使用自定义脚本扩展时,可在运行该扩展的 VM 本地找到脚本执行详细信息。For example, when you use the Custom Script extension, script execution details can be found locally on the VM where the extension was run. 任何特定于扩展的故障排除步骤均在特定于扩展的文档中详细说明。Any extension-specific troubleshooting steps are detailed in extension-specific documentation.

以下故障排除步骤适用于所有 VM 扩展。The following troubleshooting steps apply to all VM extensions.

  1. 若要查看 Linux 代理日志,请在 /var/log/waagent.log 中查看预配扩展时的活动**To check the Linux Agent Log, look at the activity when your extension was being provisioned in /var/log/waagent.log

  2. 在 /var/log/azure/<extensionName> 中查看实际扩展日志,以便获取详细信息**Check the actual extension logs for more details in /var/log/azure/<extensionName>

  3. 查看特定扩展文档中有关错误代码和已知问题等的故障排除部分。Check extension-specific documentation troubleshooting sections for error codes, known issues etc.

  4. 查看系统日志。Look at the system logs. 检查其他可能影响了扩展的操作,例如,长时间安装另一个需要包管理器独占访问权限的应用程序。Check for other operations that may have interfered with the extension, such as a long running installation of another application that required exclusive package manager access.

扩展失败的常见原因Common reasons for extension failures

  1. 运行扩展的时间不能超过 20 分钟(CustomScript 扩展、Chef 和 DSC 除外,其运行时间不能超过 90 分钟)。Extensions have 20 mins to run (exceptions are the CustomScript extensions, Chef, and DSC that have 90 mins). 如果部署超过此时间,则会将它标记为超时。If your deployment exceeds this time, it is marked as a timeout. 超时的原因可能包括 VM 资源不足、在扩展尝试预配时其他 VM 配置/启动任务消耗了大量资源。The cause of this can be due to low resource VMs, other VM configurations/start up tasks consuming high amounts of resource whilst the extension is trying to provision.

  2. 不符合最低先决条件。Minimum prerequisites not met. 某些扩展依赖于 VM SKU,例如 HPC 映像。Some extensions have dependencies on VM SKUs, such as HPC images. 扩展可能需要满足特定的网络访问要求,例如,能够与 Azure 存储或公共服务通信。Extensions may require certain networking access requirements, such as communicating to Azure Storage or public services. 其他原因包括访问包存储库、磁盘空间耗尽或安全限制。Other examples could be access to package repositories, running out of disk space, or security restrictions.

  3. 包管理器独占访问权限。Exclusive package manager access. 在某些情况下,可能会遇到长时间运行的 VM 配置与扩展安装相冲突的问题,两者都需要包管理器的独占访问权限。In some cases, you may encounter a long running VM configuration and extension installation conflicting, where they both need exclusive access to the package manager.

查看扩展状态View extension status

针对 VM 运行 VM 扩展后,请使用 az vm get-instance-view 返回扩展状态,如下所示:After a VM extension has been run against a VM, use az vm get-instance-view to return extension status as follows:

az vm get-instance-view \
    --resource-group rgName \
    --name myVM \
    --query "instanceView.extensions"

输出类似于以下示例输出:The output is similar to the following example output:

  {
    "name": "customScript",
    "statuses": [
      {
        "code": "ProvisioningState/failed/0",
        "displayStatus": "Provisioning failed",
        "level": "Error",
        "message": "Enable failed: failed to execute command: command terminated with exit status=127\n[stdout]\n\n[stderr]\n/bin/sh: 1: ech: not found\n",
        "time": null
      }
    ],
    "substatuses": null,
    "type": "Microsoft.Azure.Extensions.customScript",
    "typeHandlerVersion": "2.0.6"
  }

此外,还可以在 Azure 门户中找到扩展执行状态。Extension execution status can also be found in the Azure portal. 若要查看扩展的状态,请依次选择 VM、“扩展”、所需的扩展 。To view the status of an extension, select the VM, choose Extensions, then select the desired extension.

重新运行 VM 扩展Rerun a VM extension

在某些情况下,可能需要重新运行 VM 扩展。There may be cases in which a VM extension needs to be rerun. 如果要重新运行扩展,可以先删除扩展,然后使用所选执行方法重新运行扩展。You can rerun an extension by removing it, and then rerunning the extension with an execution method of your choice. 若要删除扩展,请使用 az vm extension delete,如下所示:To remove an extension, use az vm extension delete as follows:

az vm extension delete \
    --resource-group myResourceGroup \
    --vm-name myVM \
    --name customScript

也可以在 Azure 门户中删除扩展,如下所示:You can also remove an extension in the Azure portal as follows:

  1. 选择 VM。Select a VM.
  2. 选择“扩展” 。Choose Extensions.
  3. 选择所需的扩展。Select the desired extension.
  4. 选择“卸载” 。Choose Uninstall.

常见 VM 扩展参考Common VM extension reference

扩展名称Extension name 说明Description 详细信息More information
适用于 Linux 的自定义脚本扩展Custom Script extension for Linux 针对 Azure 虚拟机运行脚本Run scripts against an Azure virtual machine 适用于 Linux 的自定义脚本扩展Custom Script extension for Linux
VM 访问扩展VM Access extension 重新获取对 Azure 虚拟机的访问权限Regain access to an Azure virtual machine VM 访问扩展VM Access extension
Azure 诊断扩展Azure Diagnostics extension 管理 Azure 诊断Manage Azure Diagnostics Azure 诊断扩展Azure Diagnostics extension
Azure VM 访问扩展Azure VM Access extension 管理用户和凭据Manage users and credentials 适用于 Linux 的 VM 访问扩展VM Access extension for Linux

后续步骤Next steps

有关 VM 扩展的详细信息,请参阅 Azure 虚拟机扩展和功能概述For more information about VM extensions, see Azure virtual machine extensions and features overview.