
Azure Linux Extensions: Custom Script for Linux

You have probably seen some of the extensions that are available on Azure; a number of them are listed and documented here:
Azure Linux Extensions

In this article, we will cover a few examples that you can use with the “Custom Script for Linux” extension.

This extension runs a script inside a Linux VM, as root, through the Azure Linux Agent (waagent), so as long as the agent is working correctly you should be able to use it without problems.

You can run this extension from the portal: on your Azure Resource Manager (ARM) VM you can reach it by clicking:

VM Name > Extensions > Add > Select “Custom Script for Linux” > Create

[Screenshot: VM Name > Extensions > Add > Custom Script for Linux]

After that, all you need to do is upload the script you want to run and change the "Command" line to the one that executes that file. In this case we have created a bash script called adduser.sh, so the command line is changed to: bash adduser.sh, as in the screenshot below:

[Screenshot: Custom Script for Linux settings with adduser.sh uploaded and Command set to "bash adduser.sh"]

Click OK and the script will start to be deployed and executed inside your Linux VM.

In most cases you will need to be familiar with shell scripting on Linux. We also highly recommend testing the script extensively before you run it through the extension, and writing it so that it handles any prompts or questions on its own (for example by passing -y to package managers), since you will not have access to the session while it executes.
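The same deployment can be scripted rather than clicked through. The block below is an added example, not code from the original article: it uses the Azure CLI (the article points to the CLI and PowerShell alternatives at the end) and pins the SHA-256 of the script so that the VM, which runs whatever it downloads as root, only executes the file you reviewed. The resource group rg-rescue, VM name vm01, the URL https://example.com/adduser.sh and the choice of the version 2 handler (publisher Microsoft.Azure.Extensions, name CustomScript) are assumptions; the older Microsoft.OSTCExtensions/CustomScriptForLinux handler takes the same fileUris and commandToExecute keys.

```shell
#!/bin/sh
# Added example (not from the original article): deploy "Custom Script for Linux"
# with the Azure CLI instead of the portal, pinning the script's SHA-256 so the
# VM refuses to run anything other than the file you reviewed.
# Assumptions (not in the article): resource group "rg-rescue", VM "vm01",
# the script published at https://example.com/adduser.sh, and the v2 handler
# (publisher Microsoft.Azure.Extensions, name CustomScript, version 2.1).
set -eu

# Build the JSON that goes into --protected-settings. Protected settings are
# encrypted by Azure and not returned when the VM resource is read, unlike
# plain "settings", which anyone with Reader access on the VM can see.
custom_script_settings() {
    script_path=$1   # local copy of the script you reviewed
    script_url=$2    # where the VM will download it from
    script_name=$(basename "$script_path")
    # sha256sum prints "<hash>  <file>"; keep only the hash.
    script_hash=$(sha256sum "$script_path" | cut -d' ' -f1)
    # The handler downloads fileUris into its working directory and runs
    # commandToExecute there, so relative file names work. The sha256sum -c
    # gate fails closed: a swapped or tampered blob never reaches bash.
    printf '{"fileUris":["%s"],"commandToExecute":"echo \\"%s  %s\\" | sha256sum -c && bash %s"}\n' \
        "$script_url" "$script_hash" "$script_name" "$script_name"
}

# Install (or update) the extension on the VM and report its provisioning state.
deploy_custom_script() {
    rg=$1; vm=$2; script_path=$3; script_url=$4
    az vm extension set \
        --resource-group "$rg" --vm-name "$vm" \
        --publisher Microsoft.Azure.Extensions --name CustomScript --version 2.1 \
        --protected-settings "$(custom_script_settings "$script_path" "$script_url")"
    az vm extension show --resource-group "$rg" --vm-name "$vm" --name CustomScript \
        --query provisioningState -o tsv
}

# Usage: sh deploy.sh deploy   (assumed file name; runs the az commands above)
if [ "${1:-}" = "deploy" ]; then
    deploy_custom_script rg-rescue vm01 ./adduser.sh https://example.com/adduser.sh
fi
```

When the portal reports a failed provisioning state, the place to look on the VM (for version 2 of the handler) is /var/lib/waagent/custom-script/download/<n>/, which holds the downloaded files plus the script's stdout and stderr, and /var/log/azure/custom-script/handler.log for the handler's own log.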

As a few simple examples, let's assume you want to deal with one of these issues:
1) Disabling the UFW firewall on an Ubuntu Linux VM when it is blocking access to the VM
2) Fixing wrong permissions on the SSH host keys that are preventing you from logging in to a given VM
3) Manually adding a new account to a VM when doing it through the portal is not working properly for some reason

1) Disabling the UFW firewall on an Ubuntu Linux VM

Create an empty text file called “disableufw.sh” and add these lines into it:

#!/bin/bash
ufw disable
logger "ufw disabled by custom script"

This script runs ufw disable, which turns off the Ubuntu firewall, and writes the message "ufw disabled by custom script" to the system log with the logger command. Keep in mind that with ufw off, only the network security group (NSG) attached to the NIC or subnet filters traffic to the VM, so fix the rule that locked you out and re-enable ufw once you are back in.

2) Fixing wrong permissions on SSH Host Key files

Create an empty text file called “fixsshkeys.sh” and add these lines into it:

#!/bin/bash
# Private host keys: readable by root only (0600 root:root is the Ubuntu/Debian default).
# Every path is absolute; a bare file name would only work if the script happened to run from /etc/ssh.
chmod 600 /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key
# Public host keys: world-readable.
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key.pub
logger "SSH keys permission reset successfully"

This script resets the file permissions on the host key files listed above to their defaults: private keys readable only by root, public keys readable by everyone. RHEL-family images ship the private keys as 0640 root:ssh_keys instead, so adjust the modes if that is the distribution you are repairing.
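The script above only knows three key names and cannot tell you whether sshd is happy afterwards. As an added example that is not part of the original article, the block below generalises it: it resets ownership and modes on every ssh_host_*_key pair in a directory, reports how many it touched, and (when run for real) asks sshd to validate its configuration. The Ubuntu/Debian defaults (0600 root:root private, 0644 root:root public) are assumed; the optional second and third arguments let you pass 640 and ssh_keys for RHEL-family images.

```shell
#!/bin/sh
# Added example, not from the original article: reset ownership and modes on
# every OpenSSH host key in a directory, then have sshd validate the result.
# Assumption (not in the article): Ubuntu/Debian defaults, i.e. private keys
# 0600 root:root and public keys 0644 root:root. RHEL-family images ship
# private keys 0640 root:ssh_keys; pass "640" and "ssh_keys" as the optional
# second and third arguments there.
set -eu

# fix_host_key_perms DIR [PRIV_MODE] [PRIV_GROUP]: prints the number of key pairs fixed.
fix_host_key_perms() {
    dir=${1:-/etc/ssh}
    priv_mode=${2:-600}
    priv_group=${3:-root}
    changed=0
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue        # the glob matched nothing
        pub="$key.pub"
        chmod "$priv_mode" "$key"
        if [ -e "$pub" ]; then
            chmod 644 "$pub"
        fi
        # Ownership can only be changed by root; an unprivileged dry run just fixes modes.
        if [ "$(id -u)" -eq 0 ]; then
            chown "root:$priv_group" "$key"
            [ -e "$pub" ] && chown root:root "$pub"
        fi
        changed=$((changed + 1))
    done
    echo "$changed"
}

# host_keys_with_wrong_mode DIR [PRIV_MODE]: number of private keys whose mode
# is not PRIV_MODE; 0 means nothing is left for sshd to complain about.
host_keys_with_wrong_mode() {
    find "${1:-/etc/ssh}" -maxdepth 1 -name 'ssh_host_*_key' ! -perm "${2:-600}" | wc -l | tr -d ' '
}

# Usage on the VM: bash fixsshkeys.sh run   (assumed file name)
if [ "${1:-}" = "run" ]; then
    n=$(fix_host_key_perms /etc/ssh)
    logger "SSH host key permissions reset on $n key pairs by custom script"
    # sshd -t parses sshd_config and loads the host keys without starting the
    # daemon; a non-zero exit means the keys are still unusable and the fix is incomplete.
    sshd -t && logger "sshd -t passed after host key permission reset"
fi
```

Running it through the extension with "bash fixsshkeys.sh run" as the command gives you two log lines to look for in the system log: the count of key pairs touched and whether sshd -t accepted the result.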

3) Manually adding a new account with sudo access and an SSH key

Create an empty text file called “adduser.sh” and add these lines into it:

For CentOS / RHEL and Oracle distributions

#!/bin/bash
# Make sure you use a username that is lowercase.
USERNAME="rescue"

# Creates the user account using the name provided
useradd -m $USERNAME

logger "Azure custom script - adding $USERNAME"

# Creates SSH configuration folder for user, readable only by that user.
mkdir -p /home/$USERNAME/.ssh
chmod 700 /home/$USERNAME/.ssh

logger "Azure custom script - creating SSH configuration folder"

# Adding the SSH-Key data to the authorized_keys file for the given user.
# Replace the content "SSH-PUBLIC-KEY" with the public key for your user.
echo "SSH-PUBLIC-KEY" >> /home/$USERNAME/.ssh/authorized_keys
chmod 600 /home/$USERNAME/.ssh/authorized_keys
chown -R $USERNAME: /home/$USERNAME/.ssh

logger "Azure custom script - adding SSH key for user $USERNAME"

# Adding user account to sudoers. This rule makes sudo prompt for a password,
# and useradd created the account with its password locked, so either run
# "passwd $USERNAME" here or use "NOPASSWD: ALL" as in the SUSE variant below.
# sudo ignores sudoers.d files writable by anyone other than root; 0440 is the convention.
echo "$USERNAME ALL = (ALL) ALL" > /etc/sudoers.d/$USERNAME
chmod 0440 /etc/sudoers.d/$USERNAME

For SUSE distributions

#!/bin/bash
# Make sure you use a username that is lowercase.
USERNAME="rescue"

# Creates the user account using the name provided
useradd -m $USERNAME -G users

logger "Azure custom script - adding $USERNAME"

# Creates SSH configuration folder for user, readable only by that user.
mkdir -p /home/$USERNAME/.ssh
chmod 700 /home/$USERNAME/.ssh

logger "Azure custom script - creating SSH configuration folder"

# Adding the SSH-Key data to the authorized_keys file for the given user.
# Replace the content "SSH-PUBLIC-KEY" with the public key for your user.
echo "SSH-PUBLIC-KEY" >> /home/$USERNAME/.ssh/authorized_keys
chmod 600 /home/$USERNAME/.ssh/authorized_keys
chown -R $USERNAME: /home/$USERNAME/.ssh

logger "Azure custom script - adding SSH key for user $USERNAME"

# Adding user account to sudoers. NOPASSWD is what makes sudo usable here,
# because useradd created the account with its password locked.
# sudo ignores sudoers.d files writable by anyone other than root; 0440 is the convention.
echo "$USERNAME ALL = (ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USERNAME
chmod 0440 /etc/sudoers.d/$USERNAME

logger "Azure custom script - creating $USERNAME sudoers file"

For Ubuntu / Debian distributions

#!/bin/bash
# Make sure you use a username that is lowercase.
USERNAME="rescue"

# Creates the user account using the name provided and adds it to the sudo group.
# Membership of "sudo" prompts for a password, and useradd created the account
# with its password locked, so run "passwd $USERNAME" here or add a NOPASSWD
# entry under /etc/sudoers.d (mode 0440) as in the SUSE variant above.
useradd -m -G sudo $USERNAME
logger "Azure custom script - adding $USERNAME"

# Creates SSH configuration folder for user, readable only by that user.
mkdir -p /home/$USERNAME/.ssh
chmod 700 /home/$USERNAME/.ssh
logger "Azure custom script - creating SSH configuration folder"

# Adding the SSH-Key data to the authorized_keys file for the given user.
# Replace the content "SSH-PUBLIC-KEY" with the public key for your user.
echo "SSH-PUBLIC-KEY" >> /home/$USERNAME/.ssh/authorized_keys
chmod 600 /home/$USERNAME/.ssh/authorized_keys
chown -R $USERNAME: /home/$USERNAME/.ssh
logger "Azure custom script - adding SSH key for user $USERNAME"


The scripts above create an account named "rescue" that logs in with the SSH public key you supply. Make sure you replace the placeholder "SSH-PUBLIC-KEY" with the contents of your public key (a single line, such as the contents of id_ed25519.pub), and remove or lock the account once the VM is recovered, since it carries sudo rights.
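The three variants differ only in which admin group they use and whether sudo asks for a password, and none of them checks what was pasted in place of SSH-PUBLIC-KEY. As an added example that is not part of the original article, the block below folds them into one adduser.sh: it reads /etc/os-release to pick the group, refuses anything that is not a single OpenSSH public-key line (a private key or an HTML error page pasted by mistake would otherwise land in authorized_keys), locks down the files it creates, and validates the sudoers entry with visudo before leaving it in place. The account name "rescue", the placeholder key (constructed, not a real key) and the choice of NOPASSWD (because useradd leaves the account without a usable password) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: one adduser.sh for
# Ubuntu/Debian, RHEL/CentOS/Oracle and SUSE.
# Assumptions (not in the article): account "rescue", a constructed placeholder
# key that you must replace, and NOPASSWD sudo because useradd creates the
# account with its password locked.
set -eu

USERNAME="rescue"   # keep it lowercase, as the article notes
# Constructed placeholder, not a real key: replace with your own public key line.
SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderPlaceholderPlaceholderPlaceholderPl rescue@example"

# Read the ID and ID_LIKE fields of an os-release file as one space-separated list.
os_release_ids() {
    awk -F= '$1=="ID"||$1=="ID_LIKE"{gsub(/"/,"",$2); printf "%s ", $2}' "$1"
}

# Map those IDs to the distro's admin group: "sudo" on Debian-family, "wheel" on
# RHEL-family, "users" on SUSE (where the sudoers.d entry grants the rights, as in the article).
sudo_group_for_distro() {
    case " $1 " in
        *" debian "*|*" ubuntu "*) echo sudo ;;
        *" rhel "*|*" centos "*|*" fedora "*|*" ol "*) echo wheel ;;
        *" suse "*|*" sles "*|*" opensuse "*) echo users ;;
        *) return 1 ;;
    esac
}

# Accept exactly one public-key line of a known type; reject everything else.
validate_pubkey() {
    [ "$(printf '%s\n' "$1" | wc -l | tr -d ' ')" -eq 1 ] &&
    printf '%s\n' "$1" | grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

add_rescue_user() {
    ids=$(os_release_ids /etc/os-release)
    group=$(sudo_group_for_distro "$ids") || { logger "custom script: unknown distro ($ids)"; exit 1; }
    validate_pubkey "$SSH_PUBLIC_KEY" || { logger "custom script: refusing malformed public key"; exit 1; }

    id "$USERNAME" >/dev/null 2>&1 || useradd -m -G "$group" "$USERNAME"
    logger "Azure custom script - adding $USERNAME to group $group"

    home=$(getent passwd "$USERNAME" | cut -d: -f6)
    pgroup=$(id -gn "$USERNAME")
    # .ssh must be owned by the user and not group/world-writable or sshd's StrictModes ignores it.
    install -d -m 700 -o "$USERNAME" -g "$pgroup" "$home/.ssh"
    grep -qxF "$SSH_PUBLIC_KEY" "$home/.ssh/authorized_keys" 2>/dev/null ||
        printf '%s\n' "$SSH_PUBLIC_KEY" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    chown "$USERNAME:$pgroup" "$home/.ssh/authorized_keys"
    logger "Azure custom script - installed SSH key for $USERNAME"

    # sudo ignores sudoers.d files writable by anyone but root; 0440 is the convention.
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$USERNAME" > "/etc/sudoers.d/$USERNAME"
    chmod 0440 "/etc/sudoers.d/$USERNAME"
    # A syntax error in any sudoers.d file breaks sudo for everyone, so parse it
    # with visudo and throw the file away if it does not pass.
    visudo -cf "/etc/sudoers.d/$USERNAME" || { rm -f "/etc/sudoers.d/$USERNAME"; exit 1; }
    logger "Azure custom script - sudoers entry for $USERNAME validated"
}

# Usage on the VM: bash adduser.sh run   (needs root, which the extension provides)
if [ "${1:-}" = "run" ]; then
    add_rescue_user
fi
```

The command line in the extension becomes "bash adduser.sh run"; the functions can be exercised on a workstation without root, which is how you would test the distro mapping and the key check before pointing the extension at a VM.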

For more reference around the extension and other ways to execute it such as using Azure PowerShell or Azure CLI, you can check this page:
Custom Script for Linux
