If your migrating old workloads to Azure occasionally you may not be able to use the latest Operating Systems. In these circumstances it may be useful to still be able to use the OMS agent to monitor your VM.

For CentOS – you really need to get to version 5.8 or above which has native support for Hyper-V, the Hypervisor that runs under the covers on Azure

Fix the CentOS repos to get the last released patches:

# cd /etc/yum.repos.d

edit CentOS-Base.repo and comment mirror list – change baseurl to start:

baseurl=http://vault.centos.org/5.11/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://vault.centos.org/5.11/updates/$basearch/

set the date correctly & hostname ip in /etc/hosts

Get the repo for syslog (needed later) 

# cd /etc/yum.repos.d
# wget http://rpms.adiscon.com/v8-stable/rsyslog.repo

Update the OS and install required software

# yum update
# yum groupinstall “Development Tools”
# yum groupinstall “Development Libraries”
# yum install python-ctypes
# yum install rsyslog

Update openssl (for TLS 1.2 support)

# wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz  —no-check-certificate
# tar -zxvf openssl-*.tar.gz
# cd openssl-*
# ./config -fpic shared && make && make install
# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf$ ldconfig

Install updated version of wget

# wget http://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz –no-check-certificate
# tar -xzvf wget-1.19.5.tar.gz
# cd wget-1.19.5
# make clean
# ./configure –with-ssl=openssl –with-libssl-prefix=/usr/local/ssl
# make && make install
# yum -y remove wget
# mv /usr/bin/wget /usr/bin/wget.orig
# ln -s /usr/local/bin/wget /usr/bin/wget

Install Updated version of Python

need late 2.7 (2.7.15) to support tls1.2

# wget https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tgz –no-check-certificate
# export CCFLAGS=”-I/usr/local/ssl/include/openssl”
# export LD_LIBRARY_PATH=”/usr/local/ssl/lib/”
# export LDFLAGS=”-L/usr/local/ssl/lib”
# make clean
# ./configure  –with-ensurepip=install –prefix=/usr/local

The final result of ./configure –prefix=$DEPLOY may looks like follows:

Python build finished, but the necessary bits to build these modules were not found:
_tkinter           bsddb185           dl
gdbm               imageop            sunaudiodev

To find the necessary bits, look in setup.py in detect_modules() for the module’s name.
It will show you the modules that can not be build, note that some of them are unnecessary or deprecated:
 
_tkinter: For tkinter graphy library, unnecessary if you don’t develop tkinter programs.
bsddb185: Older version of Oracle Berkeley DB. Undocumented. Install version 4.8 instead.
dl: For 32-bit machines. Deprecated. Use ctypes instead.
imageop: For 32-bit machines. Deprecated. Use PIL instead.
sunaudiodev: For Sun hardware. Deprecated

# make
# make altinstall

Check we have TLS 1.2 support

# python2.7
>>> import ssl
>>> print ssl.OPENSSL_VERSION
1.0.2

# pip2.7 uninstall cryptography
# pip2.7 install cryptography

Setup the python virtual environment

#/usr/local/bin/easy_install-2.7 virtualenv
# mkdir -p va/oms
# virtualenv va/oms
# cd va/oms/bin
# source activate

edit /etc/sysconfig/selinux
disabled

# wget https://github.com/Microsoft/OMS-Agent-for-Linux/releases/download/OMSAgent_v1.6.0-42/omsagent-1.6.0-42.universal.x64.sh –no-check-certificate

# ./omsagent-1.6.0-42.universal.x64.sh –install

(oms) [root@localhost bin]# ./omsadmin.sh -w 2 -s
………….
Starting Operations Management Suite agent (
info      Configured omsconfig

Start OMS and check the logs for any problems

# /opt/microsoft/omsagent/bin/service_control restart
# tail -100 /var/opt/microsoft/omsagent/log/omsagent.log

clearing selinux messages:

# audit2allow -a
# audit2allow -a -M myallow
# semodule -i myallow.pp

Install updated curl Package

# mkdir ~/src/$ cd ~/src/
This installs curl in /usr/local/bin/curl
# cd /root/src$ wget http://curl.haxx.se/download/curl-7.42.1.tar.gz
# tar -xzvf curl-*.tar.gz
# cd curl-*
# ./configure –with-ssl=/usr/local/ssl –disable-ldap && make && make install

Install updated openssh

# wget https://mirror.bytemark.co.uk/pub/OpenBSD/OpenSSH/portable/openssh-7.7p1.tar.gz –no-check-certificate
# ./configure –with-ssl-dir=/usr/local/ssl
# make
# make install

Install Azure waagent

# wget https://github.com/Azure/WALinuxAgent/archive/master.zip
(oms) python setup.py install –register-service
# more /usr/lib/systemd/system/waagent.service
# python -u /usr/sbin/waagent -daemon

If you run Linux VM’s on Azure, then you at some point will want to call a Custom Script Extension that runs your own script (bash etc) to perform some operations within the virtual machine.

There are a few options for doing this including of course using chef and puppet, or as is documented here simply calling a Custom Script Extension with your own script.

When experimenting with doing this I found a lot of the documentation describing how to do this was out of date principally because it did not use the “customScript” extension type  (publisher  Microsoft.Azure.Extensions).

Note for Windows VM’s you use a different custom extension type “CustomScriptExtension” (publisher Microsoft.Compute) – see the commented section in the middle of the PowerShell script below

Listed below is the PowerShell to execute a command “command2.sh” which is stored as a blob in an Azure storage account in a container named “myscripts”. The PowerShell also grabs any output (stdout) from command2.sh – (getting stderr would be done in a similar way)

This script assumes you are using ARM and have previously logged into Azure from PowerShell (login-AzureRmAccount) and if required set the default subscription (Select-AzureRmSubscription)

$rg='your-resource-group'
$vmname='yourvm'
$storageaccountname='your-storage-account-name'
$cont='myscripts'
$Extensionname='customScript'
$vm = Get-AzurermVM -Name $vmname -ResourceGroupName $rg
# get the storage key
$key = (Get-AzureRmStorageAccountKey -Name $storageaccountname -ResourceGroupName $rg).value[0]
if (!$key) {
    write-output "Could not find a storage key"
    exit
}
#
# check if there's an existing custom script extension
# if there is remove it - your only allowed one at a time
#
$extname = ($VM.Extensions | Where { $_.VirtualMachineExtensionType -eq 'customScript' }).name
if ($extname) {
    write-output "removing existing extension: $extname"
    remove-azurermvmextension -name $extname  -ResourceGroupName $rg  -VMName $vmname -force
    write-output "removed - waiting 10 seconds ...."
    start-sleep -Seconds 10
}
# get extension types
# for windows use:
# Get-AzureRmVMExtensionImage -Location westeurope -PublisherName Microsoft.Compute -Type CustomScriptExtension
# for Linux use:
# Get-AzureRmVMExtensionImage -Location westeurope -PublisherName Microsoft.Azure.Extensions -Type customScript
#
#
#For Linux:
#
# Setup for call to Set-AzureRmExtension
#
$TheURI = "https://$storageaccountname.blob.core.windows.net/myscripts/command2.sh"
$Settings = @{"fileUris" = @($TheURI); "commandToExecute" = "./command2.sh"};
$ProtectedSettings = @{"storageAccountName" = $storageaccountname; "storageAccountKey" = $key};
#
Set-AzureRmVMExtension -ResourceGroupName $rg -Location $vm.location -VMName $vmname -Name "customScript" -Publisher "Microsoft.Azure.Extensions" -Type "customScript" -TypeHandlerVersion "2.0" -Settings $Settings -ProtectedSettings $ProtectedSettings
#
if ($?) {
  write-output "set extension ok"
  #
  # Get script extension output
  #
  $extout=((Get-AzureRmVM -Name $VMName -ResourceGroupName $RG -Status).Extensions | Where-Object {$_.Name -eq $ExtensionName}).statuses.Message
  #
  # Parse the stdout 
  #
  $stdout=$extout.substring($extout.indexof('[stdout]')+8,$extout.indexof('[stderr]')-$extout.indexof('[stdout]')-8)
  $stdout=$stdout.trim()
  write-output "stdout from command: $settings.commandToExecute"
  $stdout
  }
  else
  {
    write-output "set extension problem?"
  }
#
#

 

The above will be particularly useful when developing runbooks that are called as steps in a Azure Site Recovery plan.

If Multiple Linux VM’s are involved in the recovery plan it’s often necessary to query hostnames, assigned IP addresses or other information from Virtual Machine A and feed that  information as parameter into Virtual Machine B etc.  so it can correctly configure itself with Virtual Machine A’s information as part of the failover process.

Eg. As part of the failover plan – custom script extension 1 runs on VM1 (database server) and returns the hostname/ip address etc  – which are then passed as parameters into custom extension script 2 run by VM2 (web server) which using the script reconfigures itself to use the new hostname/ip address given to the database server as it failed over into Azure, as this may be different to what was used ‘on-premise’ (or from the source Azure region if your using Azure to Azure ASR).