Deploy Custom Script Extension on Azure Arc Linux and Windows servers using Extension Management

The following README will guide you on how to execute custom scripts on Azure Arc-enabled servers by using Virtual Machine extensions. Virtual machine extensions are small applications that provide post-deployment configuration and automation tasks such as software installation, anti-virus protection, or a mechanism to run a custom script.

You can use the Azure portal, Azure CLI, an ARM template, PowerShell or Linux Shell script, or Azure policies to manage the extension deployment to Azure Arc-enabled servers. In this guide, we will use an ARM template to deploy the custom script extension. This extension downloads and executes scripts on virtual machines and it is useful for post deployment configuration, software installation, or any other configuration or management tasks.

Note: This guide assumes you already deployed VMs or servers that are running on-premises or other clouds and you have connected them to Azure Arc but If you haven’t, this repository offers you a way to do so in an automated fashion:

Prerequisites

  • Clone the Azure Arc Jumpstart repository

    git clone https://github.com/microsoft/azure_arc.git
    
  • As mentioned, this guide starts at the point where you already deployed and connected VMs or servers to Azure Arc. In the screenshots below you can see a GCP server has been connected with Azure Arc and is visible as a resource in Azure.

    Screenshot Azure Arc-enabled server on resource group

    Screenshot Azure Arc-enabled server on connected status

  • Install or update Azure CLI. Azure CLI should be running version 2.7** or later. Use az --version to check your current installed version.

  • Create Azure Service Principal (SP)

    To connect a VM or bare-metal server to Azure Arc, Azure service principal assigned with the “contributor” role is required. To create it, login to your Azure account run the below command (this can also be done in Azure Cloud Shell).

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor
    

    For example:

    az ad sp create-for-rbac -n "http://AzureArcServers" --role contributor
    

    Output should look like this:

    {
    "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "displayName": "AzureArcServers",
    "name": "http://AzureArcServers",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    Note: It is optional but highly recommended to scope the SP to a specific Azure subscription and resource group.

  • In order to demonstrate the custom script extension, we will use the below Linux and Windows scripts.

    • Linux: The script will modify the message of the day (MOTD) on the operating system.
    • Windows: The script will install Windows Terminal, Microsoft Edge, 7zip and Visual Studio Code Chocolaty packages on the VM.

Azure Arc-enabled servers Custom Script Extension Deployment

  • Edit the extensions parameters file for Windows or for Linux

    Screenshot parameters file

  • To match your environment configuration, you will need to provide the following information:

    • The VM name as it is registered in Azure Arc.

      Screenshot Azure Arc-enabled server machine name

    • The location of the resource group where you registered the Azure Arc-enabled server.

      Screenshot Azure region

    • A public Uri for the script that you would like to run on the servers, in this case use the URL for the script in raw format.

    • To run either script, use the below commands:

      • Windows:

        powershell -ExecutionPolicy Unrestricted -File custom_script_windows.ps1
        
      • Linux:

        ./custom_script_linux.sh
        
  • To deploy the ARM template for Linux or Windows, navigate to the deployment folder and run the below command with the templates that match your operating system:

    az deployment group create --resource-group <Name of the Azure resource group> \
    --template-file <The *customscript-template.json* template file location for Linux or Windows> \
    --parameters <The *customscript-template.parameters.json* template file location>
    
  • Once the template deployment has completed it’s run, you should see an output as follows:

    Screenshot ARM template output

  • To verify a successful deployment on the Azure Arc-enabled server, in the Azure Portal, by clicking on “Extensions” settings. You should see the Custom Script extension installed.

    Screenshot custom script extension

  • Another way to verify successful custom script execution is by connecting to the VMs and verifying that the operating system has been configured.

    • For the Linux VM, use SSH to connect the VM and check out the message of the day which was customized by the script:

      Screenshot message of the day changed

    • For the Windows VM, use RDP to connect the VM and verify that the additional software has been installed: Microsoft Edge, 7zip and Visual Studio Code.

      Screenshot additional software installed

Clean up environment

Complete the following steps to clean up your environment.

Remove the virtual machines from each environment by following the teardown instructions from each guide.