You have probably seen some extensions that are available on Azure, some of them listed/documented here:
Azure Linux Extensions
In this article, we will cover a few examples that you can use with the “Custom Script for Linux” extension.
This extension basically allows you to run a script inside a Linux VM, so as long as the Linux Agent (WAAGENT) is working correctly you should be able to use this extension without problems.
You can run this extension from the portal. On your Azure Resource Manager (ARM) VM, go to:
VM Name > Extensions > Add > Select “Custom Script for Linux” > Create
After that, all you need to do is upload the script you want to run and change the “Command” line to the one that executes that file. In this case we have created a bash script called adduser.sh, so the command line would be changed to: bash adduser.sh
Click OK and the script will start to be deployed and executed inside your Linux VM.
In most cases you will need to be familiar with shell scripting in Linux. We highly recommend testing the script extensively before you run it, and writing it so that it handles any prompts or questions on its own, since you won’t have access to it while it executes.
As a few simple examples, let’s assume you want to deal with any of these issues:
1) Disabling the UFW firewall on an Ubuntu Linux VM that is blocking access to the VM
2) Fixing wrong permissions on SSH Host Keys which are not allowing you to login to a given VM
3) Manually adding a new account to a VM when using the portal is not working properly for some reason
1) Disabling the UFW firewall on an Ubuntu Linux VM
Create an empty text file called “disableufw.sh” and add these lines into it:
#!/bin/bash
ufw disable
logger "ufw disabled by custom script"
This script will basically run the command ufw disable which disables the Ubuntu firewall and it will also log a message “ufw disabled by custom script” in the system logs using the logger command.
2) Fixing wrong permissions on SSH Host Key files
Create an empty text file called “fixsshkeys.sh” and add these lines into it:
#!/bin/bash
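# Every file needs its full path: the script does not run from /etc/ssh.
# 640 on a private host key is the RHEL/CentOS default (group ssh_keys);
# on distributions where sshd rejects group-readable host keys, use 600.
chmod 640 /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key.pub
chmod 600 /etc/ssh/ssh_host_rsa_key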
logger "SSH keys permission reset successfully"
This script will reset the file permissions on the files specified above to their defaults.
3) Manually adding a new account with sudo access and SSH Key.
Create an empty text file called “adduser.sh” and add these lines into it:
For CentOS / RHEL and Oracle distributions
#!/bin/bash
# Make sure you use a username that is lowercase.
USERNAME="rescue"
# Creates the user account using the name provided.
useradd -m "$USERNAME"
logger "Azure custom script - adding $USERNAME"
# Creates SSH configuration folder for user.
mkdir -p "/home/$USERNAME/.ssh"
logger "Azure custom script - creating SSH configuration folder"
# Adding the SSH-Key data to the authorized_keys file for the given user.
# Replace the content "SSH-PUBLIC-KEY" with the public key for your user.
echo "SSH-PUBLIC-KEY" >> "/home/$USERNAME/.ssh/authorized_keys"
logger "Azure custom script - adding SSH key for user $USERNAME"
# Adding user account to sudoers.
# This rule makes sudo ask for the user's password, and the script sets none.
echo "$USERNAME ALL = (ALL) ALL" > "/etc/sudoers.d/$USERNAME"
For SUSE distributions
#!/bin/bash
# Make sure you use a username that is lowercase.
USERNAME="rescue"
# Creates the user account using the name provided.
useradd -m "$USERNAME" -G users
logger "Azure custom script - adding $USERNAME"
# Creates SSH configuration folder for user.
mkdir -p "/home/$USERNAME/.ssh"
logger "Azure custom script - creating SSH configuration folder"
# Adding the SSH-Key data to the authorized_keys file for the given user.
# Replace the content "SSH-PUBLIC-KEY" with the public key for your user.
echo "SSH-PUBLIC-KEY" >> "/home/$USERNAME/.ssh/authorized_keys"
logger "Azure custom script - adding SSH key for user $USERNAME"
# Adding user account to sudoers.
echo "$USERNAME ALL = (ALL) NOPASSWD: ALL" > "/etc/sudoers.d/$USERNAME"
logger "Azure custom script - creating $USERNAME sudoers file"
For Ubuntu / Debian distributions
#!/bin/bash
# Make sure you use a username that is lowercase.
USERNAME="rescue"
# Creates the user account using the name provided.
useradd -m -G sudo $USERNAME
logger "Azure custom script - adding $USERNAME"
# Creates SSH configuration folder for user.
mkdir -p /home/$USERNAME/.ssh
logger "Azure custom script - creating SSH configuration folder"
# Adding the SSH-Key data to the authorized_keys file for the given user.
# Replace the content "SSH-PUBLIC-KEY" with the public key for your user.
echo "SSH-PUBLIC-KEY" >> /home/$USERNAME/.ssh/authorized_keys
logger "Azure custom script - adding SSH key for user $USERNAME"
The scripts above create an account named “rescue” that logs in with the SSH public key you added. Just make sure you replace the field “SSH-PUBLIC-KEY” with the contents of your SSH public key.
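A variant of the key and sudoers steps from the scripts above, as an added example that is not part of the original article: it sets explicit ownership and modes, rejects a placeholder that was never replaced, can be run twice without duplicating the key, and syntax-checks the sudoers rule before it goes live. The helper names install_key and install_sudoers are hypothetical, and the key check accepts only plain RSA, ECDSA and Ed25519 lines without options.

```bash
#!/bin/bash
# Added example, not the article's script. install_key and install_sudoers
# are hypothetical helper names; paths and the user are passed as arguments.
set -eu

# install_key HOME_DIR OWNER PUBKEY
# Adds PUBKEY to HOME_DIR/.ssh/authorized_keys once, with modes 700/600.
install_key() {
    ik_dir="$1/.ssh"; ik_file="$ik_dir/authorized_keys"; ik_key="$3"
    ik_nl='
'
    # Accept only a single "type base64 [comment]" line, so a placeholder
    # that was never replaced does not end up in authorized_keys.
    case "$ik_key" in *"$ik_nl"*) return 1 ;; esac
    printf '%s\n' "$ik_key" | grep -Eqx \
        '(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?' \
        || return 1
    ( umask 077; mkdir -p "$ik_dir"; touch "$ik_file" )
    chmod 700 "$ik_dir"; chmod 600 "$ik_file"
    # The extension may run the script again: append only if not present.
    grep -qxF -e "$ik_key" "$ik_file" || printf '%s\n' "$ik_key" >> "$ik_file"
    # Files created by root must be handed to the account that will log in.
    if [ "$(id -u)" -eq 0 ]; then chown -R "$2" "$ik_dir"; fi
}

# install_sudoers SUDOERS_DIR USER RULE
# Syntax-checks RULE in a temp file, then moves it into place with mode 0440.
install_sudoers() {
    # sudo skips names containing '.', so the temp file is never parsed.
    is_tmp="$(mktemp "$1/.tmp.XXXXXX")"
    printf '%s\n' "$3" > "$is_tmp"
    chmod 440 "$is_tmp"
    if command -v visudo >/dev/null 2>&1 &&
       ! visudo -cf "$is_tmp" >/dev/null 2>&1; then
        rm -f "$is_tmp"; return 1
    fi
    mv -f "$is_tmp" "$1/$2"
}

# Usage on the VM (values are placeholders), after useradd has run:
#   install_key /home/rescue rescue "SSH-PUBLIC-KEY"   # fails until replaced
#   install_sudoers /etc/sudoers.d rescue "rescue ALL=(ALL) ALL"
```

Because the script runs under `set -eu`, a rejected key or a sudoers rule that fails `visudo -cf` stops the script with a non-zero exit code instead of leaving a half-configured account.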
For more information about the extension and other ways to execute it, such as Azure PowerShell or Azure CLI, you can check this page:
Custom Script for Linux