-
Notifications
You must be signed in to change notification settings - Fork 375
VMs without WALinuxAgent
We often get customer requests to deploy VMs without the guest agent, or disable the agent after deployment. Starting with version 2.2.32, WALinuxAgent contains support for both limited and disabled modes of execution.
- WALinuxAgent version 2.2.32 or higher
- Microsoft.Compute api version 2018-06-01 or higher
- Deploy a new virtual machine without the agent, using cloud-init support
- Deploy a new virtual machine without the agent, without cloud-init support
- Disable the agent on an existing virtual machine
- Disable extension operations for an existing virtual machine
Upcoming versions of cloud-init will support the Azure provisioning process without the need for WALinuxAgent at all. In these cases the agent does not need to be part of the image. As this becomes available we will provide more documentation on the specifics.
If a virtual machine image contains WALinuxAgent 2.2.32 or higher, it is possible to provision the virtual machine with a flag which will disable the agent after provisioning. See this example template which describes the usage of the provisionVMAgent
flag.
"linuxConfiguration": {
"provisionVMAgent": false
},
Note that in this scenario, the agent usually runs as a system-managed service which restarts after process exit. In order to prevent endless agent restarts, the process will sleep indefinitely after provisioning is complete. To stop the agent and then remove it on Ubuntu, run:
systemctl stop walinuxagent
sudo apt-get remove walinuxagent
Please note that we advise against removing the agent. This will result in failure to run extensions, reflected as provisioning timeout on the Azure portal. The agent’s status on the portal will also be shown as “Not Ready” and the VM name will be shown as "(not available)".
While there is no way to safely disable the guest agent on existing virtual machines, we have added in a new configuration option which puts the agent in a reduced functionality mode. In this mode, the guest agent still communicates with Azure Fabric and reports guest state on a much more limited basis, but will not process any extension updates. To enable this mode, set the following option in /etc/waagent.conf
:
# Enable extension handling. Do not disable this unless you do not need password reset,
# backup, monitoring, or any extension handling whatsoever.
Extensions.Enabled=y
Starting with Microsoft.Compute api version 2018-06-01, it is possible to disallow extension operations for a virtual machine, both at provision-time and at run-time. In order to set this flag, you can use the CLI, SDK or ARM template as follows:
"osProfile": {
"allowExtensionOperations": false
},
Note that this can only be disabled when there are no extensions installed on the virtual machine, and that when provisionVMAgent
is false
, allowExtensionOperations
is automatically set to false
as well.