|
| 1 | +--- |
| 2 | +title: How to migrate to Azure Monitor Agent using Red Hat Ansible Automation Platform |
| 3 | +description: Learn how to migrate to Azure Monitor Agent using Red Hat Ansible Automation Platform. |
| 4 | +ms.date: 10/17/2022 |
| 5 | +ms.topic: conceptual |
| 6 | +--- |
| 7 | + |
| 8 | +# Migrate to Azure Monitor Agent on Azure Arc using Red Hat Ansible Automation Platform |
| 9 | + |
| 10 | +This article covers how to use Red Hat Ansible Automation Platform to migrate non-Azure machines from the Azure Log Analytics agent to Azure Monitor agent. This includes onboarding the machines to Azure Arc-enabled servers. Once you have completed the configuration steps in this article, you'll be able to run a workflow against an automation controller inventory that performs the following tasks: |
| 11 | + |
| 12 | +- Ensure that the Azure Connected Machine agent is installed on each machine. |
| 13 | +- Install and enable the Azure Monitor agent. |
| 14 | +- Disable and uninstall the Log Analytics agent. |
| 15 | + |
| 16 | +Content from the [Ansible Content Lab for Cloud Automation](https://cloud.lab.ansible.io/) has already been developed to automate this scenario. This article will walk through how you can import that content as a project in an automation controller to build a workflow to perform the tasks above. |
| 17 | + |
| 18 | +Ansible Automation Platform can automate the deployment of Azure services across your IT landscape to make onboarding to Azure Arc fast and reliable. |
| 19 | + |
| 20 | +> [!NOTE] |
| 21 | +> The Ansible content examples in this article target Linux hosts, but the playbooks can be altered to accommodate Windows hosts as well. |
| 22 | +
|
| 23 | + |
| 24 | +## Prerequisites |
| 25 | + |
| 26 | +### Azure Log Analytics workspace |
| 27 | + |
| 28 | +This article assumes you are using the Azure Log Analytics agent and that the servers are pre-configured to report data to a Log Analytics workspace. You will need the name and resource group of the workspace from which you are migrating. |
| 29 | + |
| 30 | +### Automation controller 2.x |
| 31 | + |
| 32 | +This article is applicable to both self-managed Ansible Automation Platform and Red Hat Ansible Automation Platform on Microsoft Azure. |
| 33 | + |
| 34 | +### Automation execution environment |
| 35 | + |
| 36 | +To use the examples in this article, you'll need an automation execution environment with both the Azure Collection and the Azure CLI installed, since both are required to run the automation. |
| 37 | + |
| 38 | +If you don't have an automation execution environment that meets these requirements, you can [use this example](https://github.com/scottharwell/cloud-ee). |
| 39 | + |
| 40 | +See the [Red Hat Ansible documentation](https://docs.ansible.com/automation-controller/latest/html/userguide/execution_environments.html) for more information about building and configuring automation execution environments. |
| 41 | + |
| 42 | +### Host inventory |
| 43 | + |
| 44 | +You will need an inventory of Linux hosts configured in automation controller that contains a list of VMs that will use Azure Arc and the Azure Monitor Agent. |
| 45 | + |
| 46 | +### Azure Resource Manager credential |
| 47 | + |
| 48 | +A working account credential configured in Ansible Automation Platform for the Azure Resource Manager is required. This credential is used by Ansible Automation Platform to authenticate operations using the Azure Collection and the Azure CLI. |
| 49 | + |
| 50 | +### Server machine credential |
| 51 | + |
| 52 | +A “Machine Credential” configured in Automation Controller for SSH access to the servers in your host inventory is required. |
| 53 | + |
| 54 | +## Configuring the content |
| 55 | + |
| 56 | +The examples in this article rely on content developed and incubated by Red Hat through the [Ansible Content Lab for Cloud Content](https://cloud.lab.ansible.io/). |
| 57 | + |
| 58 | +This article also uses the [Azure Infrastructure Configuration Demo](https://github.com/ansible-content-lab/azure.infrastructure_config_demos) collection. This collection contains a number of roles and playbooks that manage Azure use cases including those with Azure Arc-enabled servers. To use this collection in Automation Controller, follow the steps below to set up a project with the repository: |
| 59 | + |
| 60 | +1. Log in to automation controller. |
| 61 | +1. In the left menu, select **Projects**. |
| 62 | +1. Select **Add**, and then complete the fields of the form as follows: |
| 63 | + |
| 64 | + **Name:** Content Lab - Azure Infrastructure Configuration Collection |
| 65 | + |
| 66 | + **Automation Environment:** (select with the Azure Collection and CLI instead) |
| 67 | + |
| 68 | + **Source Control Type:** Git |
| 69 | + |
| 70 | + **Source Control URL:** https://github.com/ansible-content-lab/azure.infrastructure_config_demos.git |
| 71 | + |
| 72 | +1. Select **Save**. |
| 73 | + :::image type="content" source="media/migrate-ama/configure-content.png" alt-text="Screenshot of Projects window to edit details." lightbox="media/migrate-ama/configure-content.png"::: |
| 74 | + |
| 75 | +Once saved, the project should be synchronized with the automation controller. |
| 76 | + |
| 77 | +## Migrating Azure agents |
| 78 | + |
| 79 | +In this example, we will assume that our Linux servers are already running the Azure Log Analytics agent, but do not yet have the Azure Connected Machine agent installed. If your organization relies on other Azure services that use the Log Analytics agent, you may need to plan for extra data collection rules prior to migrating to the Azure Monitor agent. |
| 80 | + |
| 81 | +We will create a workflow that leverages the following playbooks to install the Azure Connected Machine agent, deploy the Azure Monitor Agent, disable the Log Analytics agent, and then uninstall the Log Analytics agent: |
| 82 | + |
| 83 | +- install_arc_agent.yml |
| 84 | +- replace_log_analytics_with_arc_linux.yml |
| 85 | +- uninstall_log_analytics_agent.yml |
| 86 | + |
| 87 | +This workflow performs the following tasks: |
| 88 | + |
| 89 | +- Installs the Azure Connected Machine agent on all of the VMs identified in inventory. |
| 90 | +- Enables the Azure Monitor agent extension via Azure Arc. |
| 91 | +- Disables the Azure Log Analytics agent extension via Azure Arc. |
| 92 | +- Uninstalls the Azure Log Analytics agent if flagged. |
| 93 | + |
| 94 | +### Create template to install Azure Connected Machine agent |
| 95 | + |
| 96 | +This template is responsible for installing the Azure Arc [Connected Machine agent](/azure/azure-arc/servers/agent-overview) on hosts within the provided inventory. A successful run will have installed the agent on all machines. |
| 97 | + |
| 98 | +Follow the steps below to create the template: |
| 99 | + |
| 100 | +1. On the right menu, select **Templates**. |
| 101 | +1. Select **Add**. |
| 102 | +1. Select **Add job template**, then complete the fields of the form as follows: |
| 103 | + |
| 104 | + **Name:** Content Lab - Install Arc Agent |
| 105 | + |
| 106 | + **Job Type:** Run |
| 107 | + |
| 108 | + **Inventory:** (Your linux host inventory) |
| 109 | + |
| 110 | + **Project:** Content Lab - Azure Infrastructure Configuration Collection |
| 111 | + |
| 112 | + **Playbook:** `playbooks/replace_log_analytics_with_arc_linux.yml` |
| 113 | + |
| 114 | + **Credentials:** |
| 115 | + - Your Azure Resource Manager credential |
| 116 | + - Your Host Inventory Machine credential |
| 117 | + |
| 118 | + **Variables:** |
| 119 | + |
| 120 | + ```bash |
| 121 | + --- |
| 122 | + region: eastus |
| 123 | + resource_group_name: sh-rg |
| 124 | + subscription_id: "{{ lookup('env', 'AZURE_SUBSCRIPTION_ID') }}" |
| 125 | + service_principal_id: "{{ lookup('env', 'AZURE_CLIENT_ID') }}" |
| 126 | + service_principal_secret: "{{ lookup('env', 'AZURE_SECRET') }}" |
| 127 | + tenant_id: "{{ lookup('env', 'AZURE_TENANT') }}" |
| 128 | + ``` |
| 129 | + |
| 130 | + > [!NOTE] |
| 131 | + > The operations in this playbook happen through the Azure CLI. Most of these variables are set to pass along the proper variable from the Azure Resource Manager credential to the CL. |
| 132 | +
|
| 133 | + **Options:** |
| 134 | + Privilege Escalation: true |
| 135 | +1. Select **Save**. |
| 136 | + |
| 137 | +### Create template to replace log analytics |
| 138 | + |
| 139 | +This template is responsible for migrating from the Log Analytics agent to the Azure Monitor agent by enabling the Azure Monitor Agent extension and disabling the Azure Log Analytics extension (if used via the Azure Connected Machine agent). |
| 140 | + |
| 141 | +Follow the steps below to create the template: |
| 142 | + |
| 143 | +1. On the right menu, select **Templates**. |
| 144 | +1. Select **Add**. |
| 145 | +1. Select **Add job template**, then complete the fields of the form as follows: |
| 146 | + |
| 147 | + **Name:** Content Lab - Replace Log Analytics agent with Arc agent |
| 148 | + |
| 149 | + **Job Type:** Run |
| 150 | + |
| 151 | + **Inventory:** (Your linux host inventory) |
| 152 | + |
| 153 | + **Project:** Content Lab - Azure Infrastructure Configuration Collection |
| 154 | + |
| 155 | + **Playbook:** `playbooks/replace_log_analytics_with_arc_linux.yml` |
| 156 | + |
| 157 | + **Credentials:** |
| 158 | + - Your Azure Resource Manager credential |
| 159 | + - Your Host Inventory Machine credential |
| 160 | + |
| 161 | + **Variables:** |
| 162 | + |
| 163 | + ```bash |
| 164 | + — |
| 165 | + Region: <Azure Region> |
| 166 | + resource_group_name: <Resource Group Name> |
| 167 | + linux_hosts: "{{ hostvars.values() | selectattr('group_names','contains', 'linux') | map(attribute='inventory_hostname') | list }}" |
| 168 | + ``` |
| 169 | + |
| 170 | + > [!NOTE] |
| 171 | + > The `linux_hosts` variable is used to create a list of hostnames to send to the Azure Collection and is not directly related to a host inventory. You may set this list in any way that Ansible supports. In this case, the variable attempts to pull host names from groups with “linux” in the group name. |
| 172 | +1. Select **Save**. |
| 173 | + |
| 174 | +### Create template to uninstall Log Analytics |
| 175 | + |
| 176 | +This template will attempt to run the Log Analytics agent uninstall script if the Log Analytics agent was installed outside of the Azure Connected Machine agent. |
| 177 | + |
| 178 | +Follow the steps below to create the template: |
| 179 | + |
| 180 | +1. On the right menu, select **Templates**. |
| 181 | +1. Select **Add**. |
| 182 | +1. Select **Add job template**, then complete the fields of the form as follows: |
| 183 | + |
| 184 | + **Name:** Content Lab - Uninstall Log Analytics agent |
| 185 | + |
| 186 | + **Job Type:** Run |
| 187 | + |
| 188 | + **Inventory:** (Your linux host inventory) |
| 189 | + |
| 190 | + **Project:** Content Lab - Azure Infrastructure Configuration Collection |
| 191 | + |
| 192 | + **Playbook:** `playbooks/uninstall_log_analytics_with_arc_linux.yml` |
| 193 | + |
| 194 | + **Credentials:** |
| 195 | + - Your Host Inventory Machine credential |
| 196 | + |
| 197 | + **Options:** |
| 198 | + |
| 199 | + - Privilege Escalation: true |
| 200 | +1. Select **Save**. |
| 201 | + |
| 202 | +### Create the workflow |
| 203 | + |
| 204 | +An automation controller workflow allows you to construct complex automation by connecting automation templates and other actions together. This workflow example is a simple linear flow that enables the end-to-end scenario in this example, but other nodes could be added for context such as error handling, human approvals, etc. |
| 205 | + |
| 206 | +1. On the right menu, select **Templates**. |
| 207 | +1. Select **Add**. |
| 208 | +1. Select **Add workflow template**, then complete the following fields as follows: |
| 209 | + |
| 210 | + **Name:** Content Lab - Migrate Log Agent to Azure Monitor |
| 211 | + |
| 212 | + **Job Type:** Run |
| 213 | + |
| 214 | + **Inventory:** (Your linux host inventory) |
| 215 | + |
| 216 | + **Project:** Content Lab - Azure Infrastructure Configuration Collection |
| 217 | + |
| 218 | +1. Select **Save**. |
| 219 | +1. Select **Start** to begin the workflow designer. |
| 220 | +1. Set **Node Type** to "Job Template" and select **Content Lab - Replace Log Analytics with Arc Agent**. |
| 221 | +1. Select **Next**. |
| 222 | +1. Select **Save**. |
| 223 | +1. Hover over the **Content Lab - Replace Log Analytics with Arc Agent** node and select the **+** button. |
| 224 | +1. Select **On Success**. |
| 225 | +1. Select **Next**. |
| 226 | +1. Set **Node Type** to "Job Template" and select **Content Lab - Uninstall Log Analytics Agent**. |
| 227 | +1. Select **Save**. |
| 228 | +1. Select **Save** at the top right corner of the workflow designer. |
| 229 | + |
| 230 | +You will now have a workflow that looks like the following: |
| 231 | +:::image type="content" source="media/migrate-ama/workflow.png" alt-text="Diagram showing workflow of Azure Monitor agent migration process."::: |
| 232 | + |
| 233 | +### Add a survey to the workflow |
| 234 | + |
| 235 | +We want to add survey questions to the workflow so that we can collect input when the workflow is run. |
| 236 | + |
| 237 | +1. Select **Survey** from the workflow details screen. |
| 238 | + :::image type="content" source="media/migrate-ama/survey.png" alt-text="Screenshot of template details window with survey tab highlighted on right side."::: |
| 239 | +1. Select **Add**, then complete the form using the following values: |
| 240 | + |
| 241 | + **Question:** Which Azure region will your Arc servers reside? |
| 242 | + |
| 243 | + **Answer variable name:** region |
| 244 | + |
| 245 | + **Required:** true |
| 246 | + |
| 247 | + **Answer type:** Text |
| 248 | + |
| 249 | +1. Select **Save**. |
| 250 | +1. Select **Add**, then complete the form using the following values: |
| 251 | + |
| 252 | + **Question:** What is the name of the resource group? |
| 253 | + |
| 254 | + **Answer variable name:** resource_group_name |
| 255 | + |
| 256 | + **Required:** true |
| 257 | + |
| 258 | + **Answer type:** Text |
| 259 | + |
| 260 | +1. Select **Save**. |
| 261 | +1. Select **Add**, then complete the form using the following values: |
| 262 | + |
| 263 | + **Question:** What is the name of your Log Analytics workspace? |
| 264 | + |
| 265 | + **Answer variable name:** analytics_workspace_name |
| 266 | + |
| 267 | + **Required:** true |
| 268 | + |
| 269 | + **Answer type:** Text |
| 270 | + |
| 271 | +1. Select **Save**. |
| 272 | +1. From the Survey list screen, ensure that the survey is enabled. |
| 273 | + :::image type="content" source="media/migrate-ama/survey-enabled.png" alt-text="Screenshot of Survey window with Survey Enabled switched enabled."::: |
| 274 | + |
| 275 | +Your workflow has now been created. |
| 276 | + |
| 277 | +### Running the workflow |
| 278 | + |
| 279 | +Now that you have the workflow created, you can run the workflow at any time. When you click the “launch” 🚀 icon, the survey that you configured will be presented so that you can update the variables across automation runs. This will allow you to move Log Analytics connected servers that are assigned to different regions or resource groups as needed. |
| 280 | + |
| 281 | +:::image type="content" source="media/migrate-ama/launch.png" alt-text="Screenshot of Launch window for workflow."::: |
| 282 | + |
| 283 | +## Conclusion |
| 284 | + |
| 285 | +After following the steps in this article, you have created an automation workflow that migrates your Linux machines from the Azure Log Analytics agent to the Azure Monitor agent. This workflow will onboard the Linux machine to Azure Arc-enabled servers. This example uses the Ansible Content Lab for Cloud Automation to make implementation fast and easy. |
| 286 | + |
| 287 | +## Next steps |
| 288 | + |
| 289 | +Learn more about [connecting machines using Ansible playbooks](onboard-ansible-playbooks.md). |
| 290 | + |
0 commit comments