skiddder/arc-run-command

arc-run-command

Demo of how to use run-command on connected machines. Run-Command allows you to execute a script on an Arc-enabled machine without logging in locally. Using a loop to kick off a run-command on a group of machines is a powerful way to roll out configuration changes at scale. In this demo we execute a Hello World PowerShell script on a Windows machine. Run-command works the same way for Linux; you would just use a shell or Python script instead.

Prerequisites

  • An Azure subscription, ideally with owner permissions, but contributor on a resource group will be sufficient for this demo.
  • bash shell
  • Azure CLI version >= 2.74
  • Azure CLI connectedmachine extension version >= 2.0.0b1
# if not installed:
az extension add --name connectedmachine --allow-preview
  • An Arc-enabled Windows server. I tested with Win 2022 Azure Edition.

In your bash shell, make sure you are logged in to your Azure subscription, e.g.:

az login # interactive login

az account show # to verify what subscription is selected

Look up your Arc-enabled machine name and the resource group where it is located. You will need them to initiate the command. You can either use the REST API directly, use the Azure CLI rest subcommand, or use the CLI extension "connectedmachine".

Using the REST API

  • Navigate to the folder "rest"
  • Open the file run-command.sh in your favorite editor and adjust the parameter values for machine_name and resource_group according to your environment.
# ensure you have execute permissions on the shell script
chmod +x demo-REST.sh

# start the script which makes the REST call
./demo_REST.sh

Using the connectedmachine extension

  • Navigate to the folder "cli"
  • Open the file run-command.sh in your favorite editor and adjust the parameter values for machine_name and resource_group according to your environment.
# ensure you have execute permissions on the shell script
chmod +x run-command.sh

# start the script which calls az connectedmachine run-command
./run-command.sh

Access Control

In a production environment, you might not want to allow everyone to remotely execute scripts on all your servers. You can use fine-grained permissions to limit access as required. In the folder "rbac" you will find a template for a custom role which only has permission to execute run-command on an Arc-enabled machine.

You can also build a custom role that explicitly does not have the permission to execute run-command by putting the operations

  • Microsoft.HybridCompute/machines/runcommands/write
  • Microsoft.HybridCompute/machines/runcommands/delete

in "notActions" instead of "actions".

Please refer to https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal for instructions on how to create a custom role from the template provided in this repo.
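
The following check is an added example, not code from this repo: it evaluates whether a set of assigned roles still allows run-command, and shows that "notActions" only subtracts from the same role's "actions" and is not a deny rule across role assignments. The three sample roles and their names are constructed for illustration (they are not the template in the "rbac" folder), and ignoring case when matching is an assumption of this sketch.

```python
import re

RUNCOMMAND_WRITE = "Microsoft.HybridCompute/machines/runcommands/write"

# Constructed sample roles, reduced to a name and a permissions block.
OPERATOR = {"roleName": "Arc run-command operator (sample)", "permissions": [{
    "actions": ["Microsoft.HybridCompute/machines/read",
                "Microsoft.HybridCompute/machines/runcommands/read",
                "Microsoft.HybridCompute/machines/runcommands/write",
                "Microsoft.HybridCompute/machines/runcommands/delete"],
    "notActions": []}]}
NO_RUNCOMMAND = {"roleName": "Arc admin without run-command (sample)", "permissions": [{
    "actions": ["Microsoft.HybridCompute/*"],
    "notActions": ["Microsoft.HybridCompute/machines/runcommands/write",
                   "Microsoft.HybridCompute/machines/runcommands/delete"]}]}
BROAD = {"roleName": "Broad wildcard role (sample)", "permissions": [{
    "actions": ["*"], "notActions": ["Microsoft.Authorization/*/write"]}]}


def matches(operation, patterns):
    """True if operation matches any pattern; '*' is a wildcard, case is ignored."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, operation, re.IGNORECASE):
            return True
    return False


def role_grants(role, operation):
    """A single role grants an operation if actions match and notActions do not."""
    return any(matches(operation, p.get("actions", []))
               and not matches(operation, p.get("notActions", []))
               for p in role["permissions"])


def granting_roles(assigned_roles, operation):
    """Effective access is the union over all assigned roles, so notActions in
    one role does not block an operation that another assigned role grants."""
    return [r["roleName"] for r in assigned_roles if role_grants(r, operation)]


if __name__ == "__main__":
    for label, roles in [("operator only", [OPERATOR]),
                         ("no-run-command only", [NO_RUNCOMMAND]),
                         ("no-run-command + broad role", [NO_RUNCOMMAND, BROAD])]:
        print(label, "->", granting_roles(roles, RUNCOMMAND_WRITE) or "denied")
```

When reviewing who can use run-command, check every role assigned to a principal at the machine, resource group and subscription scopes, not only the custom role.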
