azure arc blog

Azure Arc is becoming the default Microsoft Azure service for connecting non-Azure infrastructure into Azure monitoring and administration.  Azure has also issued a deprecation notice for the Azure Log Analytics Agents: Microsoft Monitoring Agent and Log Analytics (OMS).  Azure Monitor Agent replaces these agents, introducing a simplified, flexible method of configuring data collection called Data Collection Rules. To leverage Azure Monitor Agent with their non-Azure servers, customers will need to onboard their machines to Azure Arc-enabled servers. 

This article covers how to use Red Hat Ansible Automation Platform to migrate servers that are currently using Azure Log Analytics Agent to Azure Monitor Agent on Azure Arc.  When you have completed the configuration in this blog, you will be able to run a workflow against an automation controller inventory that performs the following tasks:

  1. Ensures that the Azure Arc agent is installed on each machine.  If the agent is not installed, it will be installed.
  2. Enables the Azure Monitor Agent on Arc-enabled machines.
  3. Disables the Log Analytics Agent.
  4. Uninstalls the Log Analytics Agent.

Since the example workflow in this blog post is modular, you may also implement it in phases: deploy the Arc Agent, migrate to the Azure Monitor Agent, and then uninstall the Log Analytics Agent.  Once your phases are proven to work, the entire workflow can be run against fleets of servers for migration.

Content from the Ansible Content Lab for Cloud Automation has already been developed to perform the automation for this effort.  This article will cover importing that content as a project in automation controller to build a workflow that will perform the automation previously mentioned.

Ansible Automation Platform can automate the deployment of Arc services across your IT landscape to make onboarding to Azure Arc fast and reliable.

The Ansible content examples in this post target Linux hosts, but the playbooks can be altered to accommodate Windows hosts as well.

Prerequisites

Automation controller

This post assumes that you are using automation controller 2.x.  This blog is applicable to both self-managed Ansible Automation Platform and Red Hat Ansible Automation Platform on Microsoft Azure.

Automation execution environment

In order to leverage the examples in this article, you will need an automation execution environment with both the Azure Collection and the Azure CLI installed since both are used in running the automation.

If you do not have an automation execution environment that meets the requirements, then you may use this example.  

quay.io/scottharwell/cloud-ee:latest

Building and configuring automation execution environments is outside the scope of this article, but there is other content specifically devoted to that topic.

Host inventory

You will need an inventory of Linux hosts configured in automation controller that contains a list of VMs that will use Azure Arc and the Azure Monitor Agent.

Azure Resource Manager credential

You will need to have a working account credential configured in Ansible Automation Platform for the Azure Resource Manager.  Your credential is what is used by Ansible Automation Platform to authenticate operations using the Azure Collection and the Azure CLI.

Server Machine Credential

You will need a “Machine Credential” configured in automation controller for SSH access to the servers in your host inventory.

Azure Log Analytics workspace

The example in this blog post assumes that your organization is already using the Azure Log Analytics Agent and that servers are pre-configured to report data to a Log Analytics workspace.  You will need the name and resource group of the Log Analytics Workspace that you are migrating from.

Configuring the Content

The examples in this post rely on content that has been developed and incubated by Red Hat as example content through the Ansible Content Lab for Cloud Content.

This blog post will make use of the Azure Infrastructure Configuration Demo Collection, which contains a number of roles and playbooks that manage Azure use cases including those with Azure Arc-enabled servers and Azure Log Analytics.

To use this collection in automation controller, set up a project with the repository using the following steps.

  1. Log in to automation controller.
  2. Click “Projects” from the left menu.
  3. Click “Add”.
  4. Fill out the form as follows:
    1. Name: Content Lab - Azure Infrastructure Configuration Collection
    2. Automation execution environment: <Select with the Azure Collection and CLI installed>
    3. Source Control Type: Git
    4. Source Control URL: https://github.com/ansible-content-lab/azure.infrastructure_config_demos.git
  5. Click “Save”.

Once you save, the project should synchronize with automation controller.

Migrating Azure Agents

The Ansible Content Lab for Cloud Content project contains example playbooks that implement the reusable content found in the example roles.  You may learn more about the individual roles in the Collection by viewing the README.md file included with the Collection.

In this example, we will assume that our Linux servers are already running the Azure Log Analytics Agent, but do not yet have the Azure Arc Agent installed.  If your organization relies on other Azure services that use the Log Analytics Agent, then you may need to plan for extra data collection rules prior to migrating to the Connected Machine agent.

We will create a workflow that will leverage the following playbooks to install the Arc Agent, deploy the Azure Monitor Agent, disable the Log Analytics Agent, and then uninstall the Log Analytics Agent.

  • install_arc_agent.yml
  • replace_log_analytics_with_arc_linux.yml
  • uninstall_log_analytics_agent.yml

This workflow will perform the following tasks:

  1. Installs the Azure Arc Agent on all of the VMs identified in inventory.
  2. Enables the Azure Monitor Agent extension via Arc.
  3. Disables the Azure Log Analytics Agent extension via Arc.
  4. Uninstalls the Azure Log Analytics Agent if flagged.

Create templates

The following templates need to be created prior to creating our workflow.

Install Arc Agent

This playbook is responsible for installing the Connected Machine agent on hosts within the provided inventory.  A successful run will have installed the Arc agent on all machines.

Follow these steps to create the job template.

  1. Click “Templates” on the right menu.
  2. Click the “Add” button.
  3. Select “Add job template”.
  4. Fill out the following fields:
    1. Name: Content Lab - Install Arc Agent
    2. Job Type: Run
    3. Inventory: <your linux host inventory>
    4. Project: Content Lab - Azure Infrastructure Configuration Collection
    5. Playbook: playbooks/replace_log_analytics_with_arc_linux.yml
    6. Credentials:
      1. <Your Azure Resource Manager Credential>
      2. <Your Host Inventory Machine Credential>
    7. Variables:

      ---
      region: eastus
      resource_group_name: sh-rg
      subscription_id: "{{ lookup('env', 'AZURE_SUBSCRIPTION_ID') }}"
      service_principal_id: "{{ lookup('env', 'AZURE_CLIENT_ID') }}"
      service_principal_secret: "{{ lookup('env', 'AZURE_SECRET') }}"
      tenant_id: "{{ lookup('env', 'AZURE_TENANT') }}"
      

      Note: The operations in this playbook happen through the Azure CLI.   Most of these variables are set to pass along the proper variable from the Azure Resource Manager credential to the CL

    8. Options:
      1. Privilege Escalation: true
  5. Click “Save”. 

Replace log analytics

This playbook is responsible for migrating from the Log Analytics Agent to the Azure Monitor Agent by enabling the Azure Monitor Agent extension and disabling the Azure Log Analytics extension (if used via the Arc Agent).

Follow these steps to create the job template.

  1. Click “Templates” on the right menu.
  2. Click the “Add” button.
  3. Select “Add job template”.
  4. Fill out the following fields:
    1. Name: Content Lab - Replace Log Analytics with Arc Agent
    2. Job Type: Run
    3. Inventory: <your linux host inventory>
    4. Project: Content Lab - Azure Infrastructure Configuration Collection
    5. Playbook: playbooks/replace_log_analytics_with_arc_linux.yml
    6. Credentials:
      1. <Your Azure Resource Manager Credential>
      2. <Your Host Inventory Machine Credential>
    7. Variables:

      ---
      region: <Azure Region>
      resource_group_name: <Resource Group Name>
      linux_hosts: "{{ hostvars.values() | selectattr('group_names','contains', 'linux') | map(attribute='inventory_hostname') | list }}"
      

      Note: The linux_hosts variable is used to create a list of hostnames to send to the Azure Collection and is not directly related to a host inventory.  You may set this list in any way that Ansible supports.  In this case, the variable attempts to pull host names from groups with “linux” in the group name.

  5. Click “Save”.
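
The `linux_hosts` expression from the template above can be evaluated offline to see exactly which hosts it selects. This added example (not part of the collection or the original post) runs the same expression through Jinja2 with a stand-in for Ansible's `contains` test; the inventory data is constructed. `contains` is a membership test on the `group_names` list, so a host whose only group is `linux_db` is not selected.

```python
# Added example: evaluates the template's linux_hosts expression with Jinja2.
from jinja2 import Environment

# Same expression as the job template variable, minus the {{ }} delimiters.
LINUX_HOSTS_EXPR = (
    "hostvars.values() | selectattr('group_names','contains', 'linux') "
    "| map(attribute='inventory_hostname') | list"
)


def ansible_contains(seq, value):
    """Stand-in for Ansible's `contains` test: plain membership, `value in seq`."""
    return value in seq


ENV = Environment()
ENV.tests["contains"] = ansible_contains  # Jinja2 alone does not ship this test


def select_linux_hosts(hostvars):
    """Return the host names the expression would hand to the Azure Collection."""
    return ENV.compile_expression(LINUX_HOSTS_EXPR)(hostvars=hostvars)


def skipped_hosts(hostvars):
    """Hosts present in hostvars that the expression leaves out."""
    selected = set(select_linux_hosts(hostvars))
    return sorted(name for name in hostvars if name not in selected)


# Constructed inventory data; host and group names are made up.
SAMPLE_HOSTVARS = {
    "web01": {"inventory_hostname": "web01", "group_names": ["linux", "web"]},
    "db01": {"inventory_hostname": "db01", "group_names": ["linux_db"]},
    "app01": {"inventory_hostname": "app01", "group_names": ["rhel", "linux"]},
    "win01": {"inventory_hostname": "win01", "group_names": ["windows"]},
}

if __name__ == "__main__":
    print("selected:", select_linux_hosts(SAMPLE_HOSTVARS))
    print("skipped: ", skipped_hosts(SAMPLE_HOSTVARS))
```

Hosts that the expression skips are not sent to the Azure Collection, so compare the skipped list with the inventory the workflow runs against.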

Uninstall Log Analytics

This playbook will attempt to run the Log Analytics Agent uninstall script if the Log Analytics Agent was installed outside of the Azure Arc Agent.

Follow these steps to create the job template.

  1. Click “Templates” on the right menu.
  2. Click the “Add” button.
  3. Select “Add job template”.
  4. Fill out the following fields:
    1. Name: Content Lab - Uninstall Log Analytics Agent
    2. Job Type: Run
    3. Inventory: <your linux host inventory>
    4. Project: Content Lab - Azure Infrastructure Configuration Collection
    5. Playbook: playbooks/uninstall_log_analytics_agent.yml
    6. Credentials:
      1. <Your Host Inventory Machine Credential>
    7. Options:
      1. Privilege Escalation: true
  5. Click “Save”.

Creating the workflow

An automation controller workflow allows you to construct complex automation by connecting automation templates and other actions together.  This workflow example is a simple linear flow that enables the end-to-end scenario in this example, but other nodes could be added for context such as error handling, human approvals, etc.

  1. Click “Templates” on the right menu.
  2. Click the “Add” button.
  3. Select “Add workflow template”.
  4. Fill out the following fields:
    1. Name: Content Lab - Migrate Log Agent to Azure Monitor
    2. Job Type: Run
    3. Inventory: <your linux host inventory>
    4. Project: Content Lab - Azure Infrastructure Configuration Collection
  5. Click “Save”.
  6. Click “Start” to begin the workflow designer.
  7. Set “Node Type” to “Job Template” and select “Content Lab - Install Arc Agent”.
  8. Click “Save”.
  9. Hover over the “Content Lab - Install Arc Agent” node and press the “+” button.
  10. Select “On Success”.
  11. Click “Next”.
  12. Set “Node Type” to “Job Template” and select “Content Lab - Replace Log Analytics with Arc Agent”.
  13. Click “Next”.
  14. Remove all variables in the “Variables” field except for “linux_hosts”.  We will set these via a survey in later steps.
  15. Click “Next”.
  16. Click “Save”.
  17. Hover over the “Content Lab - Replace Log Analytics with Arc Agent” node and press the “+” button.
  18. Select “On Success”.
  19. Click “Next”.
  20. Set “Node Type” to “Job Template” and select “Content Lab - Uninstall Log Analytics Agent”.
  21. Click “Save”.
  22. Click “Save” at the top right corner of the workflow designer.

You will now have a workflow that looks like this:

We want to add survey questions to the workflow so that we can collect input when the workflow is run.

  1. Click “Survey” from the workflow details screen.
  2. Click “Add”.
  3. Fill out the form with the following values:
    1. Question: Which Azure region will your Arc servers reside?
    2. Answer variable name: region
    3. Required: true
    4. Answer type: Text
  4. Click “Save”.
  5. Click “Add”.
  6. Fill out the form with the following values:
    1. Question: What is the name of your resource group?
    2. Answer variable name: resource_group_name
    3. Required: true
    4. Answer type: Text
  7. Click “Save”.
  8. Click “Add”.
  9. Fill out the form with the following values:
    1. Question: What is the name of your Log Analytics Workspace?
    2. Answer variable name: analytics_workspace_name
    3. Required: true
    4. Answer type: Text
  10. Click “Save”.
  11. From the Survey list screen, ensure that the survey is enabled.

Your workflow has now been created!

Running the workflow

Now that you have the workflow created, you can run the workflow at any time.  When you click the “launch” 🚀 icon, the survey that you configured will be presented so that you can update the variables across automation runs.  This will allow you to move Log Analytics connected servers that are assigned to different regions or Resource Groups as needed.
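
Before relying on the final uninstall step, it is worth confirming that the Azure Monitor Agent extension actually provisioned on every Arc machine so that log collection does not lapse. The following added example (not from the original post or the collection) classifies machines from the JSON printed by `az connectedmachine extension list --machine-name <name> --resource-group <group>`; it assumes each entry exposes `properties.type` and `properties.provisioningState`, and the sample output is constructed.

```python
# Added example: gate the uninstall step on the Arc extension state.
import json

AMA_TYPE = "AzureMonitorLinuxAgent"  # Azure Monitor Agent extension type (Linux)
LEGACY_TYPE = "OmsAgentForLinux"     # Log Analytics (OMS) agent extension type (Linux)


def classify(extensions):
    """Classify one machine from its parsed extension list (assumed JSON shape)."""
    state = {}
    for ext in extensions:
        props = ext.get("properties") or {}
        state[props.get("type")] = props.get("provisioningState")
    if AMA_TYPE not in state:
        return "ama-missing"
    if state[AMA_TYPE] != "Succeeded":
        return "ama-not-ready"
    if LEGACY_TYPE in state:
        # Rule chosen for this example: the legacy extension should be gone first.
        return "legacy-extension-present"
    return "ready"


def blocked_machines(report):
    """Map machine name -> reason for every machine that is not 'ready'."""
    blocked = {}
    for machine, raw_json in sorted(report.items()):
        status = classify(json.loads(raw_json))
        if status != "ready":
            blocked[machine] = status
    return blocked


def _ext(ext_type, prov_state):
    """Build one constructed extension entry."""
    return {"name": ext_type,
            "properties": {"type": ext_type, "provisioningState": prov_state}}


# Constructed CLI output, one JSON document per machine (machine names are made up).
SAMPLE_REPORT = {
    "web01": json.dumps([_ext(AMA_TYPE, "Succeeded")]),
    "app01": json.dumps([_ext(AMA_TYPE, "Succeeded"), _ext(LEGACY_TYPE, "Succeeded")]),
    "db01": json.dumps([_ext(AMA_TYPE, "Failed")]),
    "cache01": json.dumps([]),
}

if __name__ == "__main__":
    for machine, reason in blocked_machines(SAMPLE_REPORT).items():
        print(f"{machine}: {reason}")
```

An empty result means every machine reports the Azure Monitor Agent as provisioned and no longer lists the legacy extension.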

 

Conclusion

After following the steps in this post, you have created an automation workflow that migrates your Linux-based machines from the Azure Log Analytics Agent to the Azure Monitor Agent.  This example took advantage of content from the Ansible Content Lab for Cloud Automation to make implementation fast and easy.  You may submit content ideas to the Ansible Content Lab for Cloud Content here.


About the author

Scott Harwell is a Principal Product Manager at Red Hat for Ansible on Clouds. His focus is the delivery of Ansible Automation Platform offerings on hyperscaler cloud vendors such as Microsoft Azure and AWS. Prior to joining Red Hat, Scott held product management, development, and consulting roles for Oracle, AST Corporation, Tech Machine, and Volvo. Scott is a cloud enthusiast with experience and certifications across many cloud providers. He is passionate about automation and likes to find creative ways to improve IT, technical, and business processes.
