Tuesday, November 9, 2021

Automatic VM extension upgrades are now in preview for Azure Arc-enabled servers

The Azure Arc team is excited to announce the public preview of Automatic VM extension upgrades for Azure Arc-enabled servers. VM extensions allow you to realize additional capabilities on your Azure Arc-enabled servers. Extension capabilities range from collecting log data with Azure Monitor to extending your security posture with Azure Defender to deploying a hybrid runbook worker on Azure Automation. Over time, these VM extensions get updated with security enhancements and new functionality. With Automatic VM extension upgrades, you can opt in to have your extensions automatically upgraded whenever a new version of an extension is published. Seamlessly keep your extensions up to date and secure with Automatic VM extension upgrades.


How does it work?

Gone are the days of manually checking for and scheduling updates to the VM extensions used by your Azure Arc-enabled servers. When a new version of an extension is published, Azure will automatically check to see if the extension is installed on any of your Azure Arc-enabled servers. If the extension is installed, and you’ve opted into automatic upgrades, your extension will be queued for an upgrade.


The upgrades are staggered to avoid upgrading all servers at once. Automatic upgrades are initiated in phases, which contain all the Azure Arc-enabled servers in one or more Azure regions. During the upgrade, the latest version of the extension is downloaded to each server, the current version is removed, and finally the latest version is installed. Once all the extensions in the current phase are upgraded, the next phase will begin. You’ll see an event in the Azure Activity Log when an extension upgrade is initiated.


How do I get started?

You’ll need the latest version of the Azure CLI and the connectedmachine CLI extension to manage automatic VM extension upgrades during the preview.


By default, automatic upgrades are disabled for VM extensions. You can verify the status by running the following command in the Azure CLI (replace the resource group name and machine name with the details for one of your Azure Arc-enabled servers):


az connectedmachine extension list \
  --resource-group resourceGroupName \
  --machine-name machineName \
  --query "[].{Name:name, AutoUpgrade:properties.enableAutoUpgrade}" \
  --output table




To enable automatic upgrades for an extension, update the extension and set the enableAutoUpgrade property to true. You can do this by running the following command in the Azure CLI (replace the resource group name and machine name with the details for one of your Azure Arc-enabled servers):


az connectedmachine extension update \
  --resource-group resourceGroupName \
  --machine-name machineName \
  --name DependencyAgentWindows \
  --enable-auto-upgrade true


The extension will immediately upgrade to the latest version if necessary and will automatically be upgraded to any new versions that are released by the extension publisher.


During the preview, only specific extensions support automatic upgrades. You can find the full list of extensions and more information about automatic upgrades in our documentation.
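To run the status check above across every Azure Arc-enabled server in a resource group rather than one machine at a time, the following added example (not part of the original post or Microsoft's own tooling) reports each extension whose enableAutoUpgrade property is not true. The function name list_not_auto_upgraded is hypothetical, and machines are enumerated with az connectedmachine list; findings can include extensions that do not support automatic upgrades during the preview.

```shell
#!/bin/sh
# Added example (not from the original post): list every extension in a
# resource group whose enableAutoUpgrade property is not true.
# list_not_auto_upgraded is a hypothetical helper name.

TAB="$(printf '\t')"

# Usage: list_not_auto_upgraded RESOURCE_GROUP
# Output: machine<TAB>extension<TAB>reported value, one line per finding.
list_not_auto_upgraded() {
  rg="$1"
  # Enumerate the Azure Arc-enabled servers in the resource group.
  az connectedmachine list \
    --resource-group "$rg" \
    --query "[].name" \
    --output tsv |
  while IFS= read -r machine; do
    [ -n "$machine" ] || continue
    # Same property the post queries, emitted as name<TAB>value rows.
    # stdin is redirected so az cannot consume the outer loop's input.
    az connectedmachine extension list \
      --resource-group "$rg" \
      --machine-name "$machine" \
      --query "[].[name, properties.enableAutoUpgrade]" \
      --output tsv </dev/null |
    while IFS="$TAB" read -r ext auto; do
      [ -n "$ext" ] || continue
      # Compare case-insensitively; anything other than "true" (false,
      # or a missing property) is reported as a finding.
      case "$auto" in
        [Tt][Rr][Uu][Ee]) ;;
        *) printf '%s\t%s\t%s\n' "$machine" "$ext" "${auto:-unset}" ;;
      esac
    done
  done
}

# Run directly as: sh audit.sh resourceGroupName
if [ "$#" -gt 0 ]; then
  list_not_auto_upgraded "$1"
fi
```

An empty result means every installed extension in the resource group already has automatic upgrades enabled.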


Upcoming enhancements

Beyond the Azure CLI experience available today, we are working on Azure portal and Azure PowerShell experiences. Across CLI, PowerShell, and portal, you will be able to view and manage your extension upgrade preferences using your preferred Azure management tools. In a future release, we will also enable automatic rollback of extensions that failed to upgrade. Stay tuned for more information as we continue extending our extension capabilities.

Posted at https://sl.advdat.com/3qm8YLZ