Azure Arc: – How To Update Arc Agent Using Azure Automation

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Hi there :smile:, in my previous post named Maintain Your Microsoft Monitoring Agent Up To Date With Azure Automation, I discussed a possible method for updating the Microsoft Monitoring Agent (MMA) at scale.

Today I would like to talk to you about a similar approach to use on Azure Arc enabled servers. The corresponding agent called Connected Machine agent receives improvements on an ongoing basis. You can check the what is the latest version and what’s in it on the What's new with Azure Arc enabled servers agent Microsoft’ documentation page.

 

BrunoGabrielli_0-1627377959081.png

 

Since the Connected Machine agent (aka Arc agent) is not an extension, it cannot be updated automatically by the Azure platform itself as for other extensions (i.e., MMA, AMA, Dependency agent, etc.). With that said, and always considering the Shared responsibility in the cloud, how can you maintain that agent up to date?

 

BrunoGabrielli_1-1627377959093.png

 

Well, there are at least three methods:

  1. Azure Automation
  2. Software Distribution
  3. Windows Update

In this post I will focus on the 1st method that requires, indeed, an Automation Account already created and configured as well as the Hybrid Runbook Worker role deployed on the Arc enabled server you want to update the agent on (see image below for an overview of communication flow).

 

BrunoGabrielli_2-1627377959101.png

 

Without focusing on the Automation Account and Hybrid Runbook Workers for which you can refer to the documentation, let us get into the PowerShell that the runbook is made of. The script requires just one parameter: the proxy server, with which the target Arc enabled server can connect to Internet to download the new agent version, in the form of http://proxyname:port.

 

BrunoGabrielli_3-1627377959110.png

 

Below reported, there is the script code I created for Windows-based computers:

 

 

<# .SYNOPSIS This sample script is designed to ease the Arc Agent update at scale. .DESCRIPTION This sample script is designed to ease the Arc Agent update at scale. It require the proxy URL in the form of http://proxyFQDN:port. If no proxy is necessary, enter NONE. The script will behave accordingly. It will download the latest agent version from the Microsoft Download web site and will run the installation silently (unattended mode). .PARAMETER proxy Required. The proxy server and the port (i.e. http://myproxy:8080). Enter NONE to not use any proxy. .EXAMPLE .\Update-ArcAgent_Windows.ps1 -proxy none .NOTES AUTHOR: Bruno Gabrielli VERSION: 1.0 LASTEDIT: May 26th, 2021 #> param( [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$false, HelpMessage='Insert the proxy server and the port (i.e. http://myproxy:8080). Enter NONE to not use any proxy.', Position=0)] [string]$proxy ) # Setting variables $setupFilePath = "C:\Temp" # Setting variables specific for ARC Agent $setupFileName = "AzureConnectedMachineAgent.msi" $argumentListArc = @('/i', "$setupFilePath\AzureConnectedMachineAgent.msi", "/qn", "/l*v", "$setupFilePath\AzcmAgentUpgradeSetup.log") $URI_ARC = "https://aka.ms/AzureConnectedMachineAgent" #region Functions #endregion # Checking if temporary path exists otherwise create it if(!(Test-Path $setupFilePath)) { Write-Output "Creating folder $setupFilePath since it does not exist ... " New-Item -path $setupFilePath -ItemType Directory Write-Output "Folder $setupFilePath created successfully." } #Check if the file was already downloaded hence overwrite it, otherwise download it from scratch if (Test-Path $($setupFilePath+"\"+$setupFileName)) { Write-Output "The file $setupFileName already exists, overwriting with a new copy ... " } else { Write-Output "The file $setupFileName does not exist, downloading ... " } # Downloading the file try { if($proxy -eq "NONE") { $Response = Invoke-WebRequest -Uri $URI_ARC -OutFile $($setupFilePath+"\"+$setupFileName) -ErrorAction Stop } else { $Response = Invoke-WebRequest -Proxy "$proxy" -ProxyUseDefaultCredentials -Uri $URI_ARC -OutFile $($setupFilePath+"\"+$setupFileName) -ErrorAction Stop } # This will only execute if the Invoke-WebRequest is successful. if (Test-Path $($setupFilePath+"\"+$setupFileName)) { Write-Output "Download of $setupFileName, done!" Write-Output "Starting the upgrade process ... " #cd $setupFilePath start-process "msiexec.exe" -ArgumentList $argumentListArc -Wait Write-Output "Agent Upgrade process completed." } else { Write-Output "Download of $setupFileName, failed! The upgrade process cannot be completed." } } catch { $StatusCode = $_.Exception.Response.StatusCode.value__ Write-Output "An error occurred during file download. The error code is ==$StatusCode==." } Write-Output "Runbook execution completed."

 

 

Copy/Paste the above code into a new script, TEST IT, TEST IT AND TEST IT AGAIN and if everything works as expected import it into a new runbook and schedule it accordingly. Wait for the execution and check the agent version in the Arc enabled server you run the script/runbook on and … the game is done.

 

BrunoGabrielli_4-1627378021870.png

 

Thanks,

Bruno :happyface:

 

Disclaimer

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.