Install Azure Arc Agent on Linux

Integrate Linux systems into Microsoft Azure Arc.

Published: Dec 09, 2024

This article provides a comprehensive guide for onboarding Linux servers to Azure Arc, covering prerequisites, deployment instructions, and advanced topics such as hybrid connectivity methods, proxies, and private endpoints.

For those managing hybrid environments with Windows, don’t miss my complementary article on Installing Azure Arc Agent on Windows Server to achieve a unified management strategy.

Why use Azure Arc for Linux servers?

Linux servers are at the heart of modern IT operations, supporting everything from applications to containerized workloads. By integrating Linux systems into Microsoft Azure, Azure Arc offers the following benefits:

  • Centralized Governance: Apply Azure Policy and assign custom tags for compliance, organization, and cost tracking.
  • Advanced Monitoring: Use Azure Monitor to collect telemetry, gain insights, and set up proactive alerts.
  • Flexible Connectivity Methods: Choose between direct internet, proxies (via proxy URL and proxy port), or private endpoints for secure communication.
  • Automation at Scale: Streamline deployment with onboarding scripts or tools like Ansible.
  • Cost Visibility: Use tags and metadata to allocate costs effectively across projects and departments.

Real-world example: Azure Arc in action

A financial services company faced challenges managing Linux servers scattered across on-premises and AWS environments. By onboarding these servers as Azure Arc-enabled servers:

  • They applied physical location tags to identify costs by region and branch.
  • They maintained hybrid connectivity without sacrificing security.
  • Azure Monitor provided real-time insights, improving performance monitoring across their hybrid environment.
  • Azure Policy enforced compliance with regulatory requirements across multiple clouds.

Prerequisites for onboarding Linux servers

Before onboarding, confirm that your environment meets these requirements:

Supported Linux operating systems

Azure Arc supports popular distributions, including:

  • Ubuntu 18.04 and 20.04
  • Red Hat Enterprise Linux (RHEL) 7.6+ and 8
  • CentOS 7 and 8
  • SUSE Linux Enterprise Server (SLES) 12 SP3+

For the most up-to-date compatibility, refer to the official Azure Arc documentation.

Azure subscription

The following resource providers must be registered in your Azure subscription:

  • Microsoft.HybridCompute
  • Microsoft.GuestConfiguration

You can register these providers in the Azure Portal or via the Azure CLI:

az provider register --namespace Microsoft.HybridCompute
az provider register --namespace Microsoft.GuestConfiguration

It is also recommended to ensure your subscription has sufficient permissions, such as the Owner or Contributor role, for onboarding and managing Azure Arc-enabled servers.

Network connectivity and hybrid connectivity

Azure Arc supports three connectivity methods to suit different environments:

  1. Direct Internet Access: Outbound HTTPS traffic is required on port 443 to:
    • https://*.azure.com
    • https://*.microsoft.com
    • https://*.windows.net
  2. Proxy Configuration: For secure routing, configure a proxy URL and proxy port in the Azure Connected Machine Agent (CMA) settings.
  3. Private Endpoint: For environments requiring private network communication, Azure Private Link ensures all traffic remains within a private IP space.

Administrator permissions

Ensure you have sudo or root account permissions to install and configure the Azure Connected Machine Agent (CMA).

Step 1: Prepare your Linux server

Validate system readiness

  • Check your Linux distribution and version:
cat /etc/os-release
  • Test network connectivity to Azure endpoints:
nslookup management.azure.com

Ensure DNS resolution works correctly by running the above command. Connectivity issues often stem from misconfigured DNS settings.

Update Linux system packages

Keep the system up-to-date to ensure compatibility with Azure Arc:

sudo apt-get update && sudo apt-get upgrade # Ubuntu/Debian
sudo yum update # RHEL/CentOS

Step 2: Install the Azure Connected Machine Agent

The Azure Connected Machine Agent (CMA) is critical for onboarding Linux servers to Azure Arc.

Download and install the agent

Azure provides .deb and .rpm packages for different Linux distributions. These can be downloaded from the Microsoft Download Center.

For Ubuntu/Debian:

  • Download the .deb package using wget:
wget https://aka.ms/azure-connected-machine-agent-linux.deb
  • Install the package using dpkg:
sudo dpkg -i azure-connected-machine-agent-linux.deb

For RHEL/CentOS:

  • Download the .rpm package:
wget https://aka.ms/azure-connected-machine-agent-linux.rpm
  • Install the package:
sudo rpm -ivh azure-connected-machine-agent-linux.rpm
  • Verify the agent installation:
azcmagent show

Step 3: Connect the server to Azure Arc

Once the CMA is installed, connect your server to Azure Arc.

  • Use the following command to onboard the server:
azcmagent connect --resource-group <ResourceGroupName> --tenant-id <TenantId> --location <AzureRegion> --subscription-id <SubscriptionId>
  • Replace placeholders with your Azure details:
    • ResourceGroupName: Azure resource group name.
    • TenantId: Azure Active Directory tenant ID.
    • AzureRegion: e.g., eastus.
    • SubscriptionId: Azure subscription ID.
  • Confirm the connection:
azcmagent show

Your server should now appear in the Azure Portal under Machines > Azure Arc. Note that from Azure’s perspective, it doesn’t matter whether your servers run Microsoft Windows or Ubuntu Linux. That’s the point: Arc-enabled servers all share the same Microsoft Cloud Platform security, governance, and compliance goodness.

Install Azure Arc agent on Linux - portal screenshot of the Azure Arc | Machines blade. You can see one Windows 11 Pro and one Ubuntu 20.04.6 server.
Note that Linux and Windows Server and client systems are all supported natively by Azure Arc (Image Credit: Tim Warner/Petri.com)

Step 4: Enable monitoring and Advanced Insights

Configure Azure Monitor

Azure Monitor provides detailed performance metrics, including CPU, memory, and disk utilization. To enable monitoring:

  1. Navigate to your onboarded server in Machines > Azure Arc.
  2. Select Insights and link the server to a Log Analytics Workspace.

Install the Log Analytics Agent

The Log Analytics Agent is essential for collecting advanced telemetry, such as performance metrics, system logs, and diagnostic data, from your Linux server. This agent integrates seamlessly with Azure Monitor, allowing you to gain deep insights into your system’s health and performance. To install the agent, download the onboarding script directly from the Microsoft GitHub repository:

wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh

sudo sh onboard_agent.sh -w <WorkspaceID> -s <WorkspaceKey>

Replace <WorkspaceID> with the unique ID of your Log Analytics Workspace and <WorkspaceKey> with the primary or secondary key for your workspace. These values can be found in the Azure Portal under Log Analytics Workspaces > Agents Management. Once installed, the agent will begin sending telemetry data to Azure Monitor, enabling you to configure alerts, dashboards, and advanced reporting for your hybrid environment.
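
The step above downloads a script from a branch head and runs it as root, so the content can change between review and execution. The following is an added example, not part of the original article or of Microsoft's tooling: it runs the script only if its SHA-256 digest matches a value you recorded after reviewing it, and sha256_matches can be used the same way on the .deb and .rpm downloads in Step 2. The function names and the EXPECTED_SHA256 placeholder are assumptions.

```bash
# Added example: verify a downloaded installer before running it as root.
# Function names and EXPECTED_SHA256 are illustrative, not from the article.

# sha256_matches FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file or expected value is unusable.
sha256_matches() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    case "$expected" in
        ""|*[!0-9a-fA-F]*) return 2 ;;   # hex characters only
    esac
    [ "${#expected}" -eq 64 ] || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# fetch_and_run_verified URL EXPECTED_HEX [SCRIPT_ARGS...]
# Downloads URL to a temp file and runs it with sudo only if the digest matches.
fetch_and_run_verified() {
    local url="$1" expected="$2" tmp rc
    shift 2
    tmp=$(mktemp) || return 1
    if ! wget -q -O "$tmp" "$url"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"
        return 1
    fi
    if sha256_matches "$tmp" "$expected"; then
        sudo sh "$tmp" "$@"
        rc=$?
    else
        echo "SHA-256 mismatch for $url, refusing to run it" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholders as in the article; record the digest after reviewing the script):
# EXPECTED_SHA256='<sha256-of-the-reviewed-script>'
# fetch_and_run_verified \
#   https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh \
#   "$EXPECTED_SHA256" -w <WorkspaceID> -s <WorkspaceKey>
```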

Step 5: Connectivity methods – Proxy configuration and private endpoints

Proxy configuration

For environments without direct internet access, update the CMA settings with your proxy URL and proxy port:

  • Edit the /etc/azcmagent/config.json file:
{
"proxy_url": "http://proxy.company.com",
"proxy_port": 8080
}
  • Restart the agent:
sudo systemctl restart azcmagent

Azure Private Link enables secure, private connectivity between your Linux server and Azure services, ensuring that all communication remains within your network. By routing traffic through a private IP space, Private Link eliminates the need for public IP addresses, greatly reducing your server’s exposure to Internet-based threats. This feature is especially valuable for organizations with strict compliance and data sovereignty requirements, as it keeps sensitive telemetry and management data within a controlled network boundary.

To implement a Private Endpoint, you need to create a private link in your Azure subscription and configure DNS settings to resolve Azure endpoints through the private IP address. This ensures seamless communication while maintaining isolation from public networks. Whether managing servers in a hybrid or multi-cloud environment, Private Link simplifies connectivity while providing an added layer of security.

For detailed instructions, refer to the Azure Private Link documentation.
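
A private endpoint only helps if the server's DNS actually returns the private address. The following added example (not from the original article) resolves the host names you pass in and flags any that come back with an address outside RFC 1918 space; the function names are hypothetical, and which endpoint names to check depends on your own Private Link setup.

```bash
# Added example: confirm that endpoints resolve to private (RFC 1918) addresses.
# Function names are illustrative; pass the FQDNs of your own private endpoints.

# is_private_ipv4 ADDR -> 0 private, 1 not private, 2 not a valid IPv4 address
is_private_ipv4() {
    local ip_addr="$1" old_ifs octet
    case "$ip_addr" in
        ""|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip_addr          # split into octets (digits and dots only, so no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 2
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;
        192) [ "$2" -eq 168 ] && return 0 ;;
    esac
    return 1
}

# report_resolution HOST ADDR...
# Prints one line per address; returns 1 if any is not private or none were given.
report_resolution() {
    local host="$1" rc=0 addr
    shift
    [ "$#" -gt 0 ] || { echo "UNRESOLVED  $host"; return 1; }
    for addr in "$@"; do
        if is_private_ipv4 "$addr"; then
            echo "PRIVATE     $host -> $addr"
        else
            echo "NOT PRIVATE $host -> $addr"
            rc=1
        fi
    done
    return "$rc"
}

# check_private_resolution HOST... -> resolves each host with the system resolver
check_private_resolution() {
    local host rc=0
    for host in "$@"; do
        # Word splitting of the address list is intended here.
        report_resolution "$host" $(getent ahostsv4 "$host" | awk '{print $1}' | sort -u) || rc=1
    done
    return "$rc"
}

# Usage: check_private_resolution <your-private-endpoint-fqdn> ...
```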

Step 6: Organize resources with metadata and tags

Apply custom tags

Tags improve resource organization and cost tracking. Assign tags using the CLI:

az resource tag --tags Environment=Production Department=IT --ids <ResourceID>

Use the Tags blade

In the Azure portal, navigate to the Tags blade to inspect and manage tagged resources, streamlining your inventory management process.

Troubleshooting common issues

Installation errors

If the CMA installation fails, resolve dependency issues:

sudo apt-get install curl tar gzip # For Ubuntu/Debian
sudo yum install curl tar gzip # For RHEL/CentOS

Connection failures

  • Verify network connectivity:
curl -v https://management.azure.com
  • Check agent logs for errors:
sudo journalctl -u azcmagent

You can always use the azcmagent connect command to initiate a reconnection to Microsoft Azure. For example, you can see the process occurring in the following screen capture:

Console session shown with output from the azcmagent connect command reconnecting the local Ubuntu host to the Azure Arc management service.
Run azcmagent connect to reconnect your Linux server to Azure Arc (Image Credit: Tim Warner/Petri.com)

Unify Linux servers under a centralized control plane

Azure Arc revolutionizes hybrid IT management by unifying Linux servers under a centralized control plane. From flexible connectivity methods like proxies and private endpoints to advanced monitoring with Azure Monitor, Azure Arc simplifies operations while ensuring compliance and cost efficiency.

Looking for Windows-specific guidance? Check out my companion article on Installing Azure Arc Agent on Windows Server for tips on onboarding Windows endpoints, ensuring consistency across your hybrid infrastructure.
