This article describes how to create an Azure Arc site, upload an ownership voucher, and connect a provisioned machine to Azure.
Important
This feature is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Prerequisites
Before you begin, make sure you complete the following prerequisites:
- Set up your subscription.
- Install small form factor on your machines or virtual machines (VMs).
- Have a Windows PC with the Configurator App installed.
- Have the ownership voucher (.pem) files for your machines.
Create and configure an Azure Arc site
Create the site
In the Azure portal, search for and select Azure Arc.
Go to Operations > Machine provisioning (preview).
On Get started, select Provision.
On the Basics tab, select Create new to create a new site, or choose an existing site.
Enter a site name, select your subscription, choose a resource group, and then select Create.
Note
By default, Azure creates a new resource group with the same name as the site. You can select an existing resource group instead.
Configure the site
On the Basics tab, select Configure under the selected site.
Configure the following settings on the Site Configuration pane.
| Setting | Value |
| --- | --- |
| Region | East US |
| Use Azure Arc Gateway | Yes |
| Arc Gateway | Select an existing gateway or create a new one |

Select Save.
Configure SSH keys for machine access
SSH keys are used for secure remote access to the machine over SSH. During provisioning, the public key is installed on the machine, and the corresponding private key is later used to authenticate SSH connections.
You can either generate a new SSH key pair in Azure or upload an existing SSH public key that you already use.
If you generate a new key pair in Azure, Azure creates both the public and private keys. The public key is installed on the machine, and the private key (.pem file) is downloaded to your local computer. You use the downloaded private key later to connect to the machine over SSH.
For example:
ssh -i mykey.pem clouduser@<ip-address>
Store the private SSH key securely. If the private key is lost and no other authentication method or authorized key exists on the machine, you might lose SSH access to the machine.
If you upload your own SSH public key, make sure that you securely store and manage the corresponding private key.
Multiple users can access the same machine either by securely sharing the same private key between authorized users or by adding additional SSH public keys to the machine for separate user access.
Add the machine
To add your machine:
Under Provisioned machines, select Add.
In the Add machines using ownership vouchers pane, upload the ownership voucher that you created in Install small form factor deployments of Azure Local on a machine. Select Add.
In the Operating system dropdown list, select Azure Linux 2604.
Enter a name for the SSH key that you use later.
Select Review + create.
Wait for the machine to become ready
During provisioning, the machine moves through several lifecycle states. The following diagram shows the possible machine states and transitions during provisioning.
Provisioning can take up to 25 minutes to complete.
Connect to the machine over SSH
After the machine state is Provisioned, you can connect to it over SSH.
To connect over SSH, you must have one of the following role assignments at the subscription level. Pick the role assignment based on the level of access needed:
Virtual Machine Administrator Login: Users with this role can sign in with administrator privileges. This role provides sudo level access on the provisioned machine.
Virtual Machine User Login: Users with this role can sign in with regular user privileges. This role provides non-sudo level access on the provisioned machine.
Connect by using Azure Cloud Shell
Open the Provisioned Machine resource in the Azure portal.
Select Settings > Connect.
Open Azure Cloud Shell.
Upload your private key file to Cloud Shell.
Restrict permissions on the uploaded key file.
chmod 600 /path/to/uploaded-key-file
Copy the SSH command shown in the portal and paste it into Cloud Shell.
Update the command to reference the uploaded .pem file path in --private-key-file.
Run the command to establish the SSH connection.
Note
The Azure portal automatically generates the SSH command under Connect for your provisioned machine.
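The permission step above, extended into a pre-flight check. This is an added example, not part of the original article: it lists private key files in a directory that group or other users can access and restricts a key to mode 600. The function names and the directory argument are illustrative, and .pem files whose first line is not a private-key header are skipped.

```shell
#!/bin/sh
# Added example (not from the original article): audit SSH private key
# files before they are passed to ssh or az ssh. Function names are
# illustrative. Variables are global because POSIX sh has no 'local'.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed when the first line is a PEM private-key header
# (OpenSSH, PKCS#1 or PKCS#8). Other .pem files are not treated as keys.
is_private_key() {
  head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN .*PRIVATE KEY-----'
}

# Succeed when group and other have no permission bits set.
key_is_private() {
  mode=$(key_mode "$1") || return 2
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print "<path> <mode>" for every private key in DIR that group or other
# can access. Returns 0 when none are found, 1 otherwise.
audit_keys() {
  found=0
  for f in "$1"/*.pem; do
    [ -f "$f" ] || continue
    is_private_key "$f" || continue
    if ! key_is_private "$f"; then
      echo "$f $(key_mode "$f")"
      found=1
    fi
  done
  return $found
}

# Restrict a key to owner read/write and confirm the result.
harden_key() {
  chmod 600 "$1" && key_is_private "$1"
}

# Stand-alone use: sh audit-keys.sh <directory>
[ $# -eq 0 ] || audit_keys "$1"
```

OpenSSH refuses to use a private key file that other users can read, so running the audit before connecting surfaces the problem early.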
Connect over the local network (optional)
For local access and file transfers, you can configure SSH on your local machine.
Create an SSH config file:
az ssh config -g <MANAGED_RESOURCE_GROUP_NAME> -n <ARC_FOR_SERVERS_NAME> --file ./sshconfig -i </path/to/private-key>
Use the config file to copy files:
scp -F ~/sshconfig ~/setup-k3s-arc.sh <MANAGED_RESOURCE_GROUP_NAME>-<ARC_FOR_SERVERS_NAME>-clouduser:~
Use the config file to connect:
ssh -F ~/sshconfig <MANAGED_RESOURCE_GROUP_NAME>-<ARC_FOR_SERVERS_NAME>-clouduser
Tip
Using an SSH config file simplifies repeat connections and file transfers.
Configure devices with Configurator App (optional)
The Configurator App can help you:
- Configure static IP settings and advanced networking options
- Monitor installation progress
- Troubleshoot local issues
To use the app:
- Install the Configurator App from the Configurator App download link.
- Reopen the app and run it as an administrator.
- Connect by using the device serial number or the IP address shown on the console.
- If the device is still running the maintenance environment (ROE), sign in with:
  - Username: edgeuser
  - Password: Password1
- After the target OS is installed, sign in using your SSH key and configured username.