We are "nxcited" to announce the release of nxtools, an opensource collection of class-based DSC resources for commonly used Linux / Unix modules and built-in Machine Configuration packages for customers. Azure Automanage Machine Configuration (previously known as Azure Policy Guest Configuration) enables configuration as code allowing you to audit and configure OS, app, and workload level settings at scale, both for machines running in Azure and hybrid Azure Arc-enabled servers.
The nxtools module will be maintained by Automanage Machine Configuration. The module intends to make managing Linux easier for PowerShell users and will help in managing common tasks such as:
This module is intended to provide guidelines / samples to help authors to create their own configurations and resource modules for use in custom Machine Configuration projects.
To use nxtools, PowerShell must be installed on your system. GitVersion is recommended to build the right version of this project according to your git status.
To use Machine Configuration, the machine configuration extension and a managed identity are required to manage Azure virtual machines. The extension isn't required for Arc-enabled servers because it's included in the Arc Connected Machine agent. More information about Machine Configuration requirements can be found here.
Installing
On a fresh clone of the nxtools GitHub repo, run:
build.ps1 -Tasks build
This will build the nxtools module in your output/module folder.
If you want to build the Machine Configuration package, run the following instead:
build.ps1 -Tasks gcpol
You can also install the nxtools module from the PowerShell Gallery:
Install-Module -Name nxtools -AllowPrerelease
The most recent version is nxtools 0.4.0-preview0001.
Here are the public commands available:
Get-nxKernelInfo # uname -a
Get-nxDistributionInfo # cat /etc/*-release
Get-nxLinuxStandardBaseRelease # lsb_release -a (not available by default on some Debian 10, Alpine and others)
Get-nxLocalUser # cat /etc/passwd
Get-nxLocalUser -UserName (whoami)
Get-nxLocalUser -Pattern '^gcolas$'
Get-nxLocalGroup # cat /etc/group
Get-nxLocalGroup tape | Get-nxLocalUser
Get-nxItem /tmp/testdir
(Get-nxItem /tmp/testdir).Mode
(Get-nxItem /tmp/testdir).Mode.ToString()
(Get-nxItem /tmp/testdir).Mode.ToOctal()
# using module output/nxtools
# using module nxtools
[nxFileSystemMode]'rwxr--r--'
[nxFileSystemMode]'ugo=rwx'
[nxFileSystemMode]'1777'
[nxFileSystemMode]'u=rwx g=r o=r'
# Proper handling of symbolic links not yet implemented
Compare-nxMode -ReferenceMode 'r--r--r--' -DifferenceMode 1777 | FT -a
Get-nxChildItem -Path /tmp/testdir | Compare-nxMode -ReferenceMode 'r--r--r--' | FT -a
Get-nxChildItem /tmp/testdir/ -File | FT -a
Get-nxChildItem /tmp/testdir/ -Directory | FT -a
Get-nxChildItem /tmp/testdir/ | FT -a
Get-nxChildItem /tmp/testdir/ -File | Move-Item -Destination /tmp/testdir/otherdir/ -Verbose
Get-nxChildItem /tmp/testdir/ -File | FT -a
Get-nxChildItem /tmp/testdir/ -File -recurse | FT -a
Set-nxMode -Path /tmp/tmpjBneMD.tmp -Mode 'rwxr--r--' -Recurse -WhatIf # chmod -R 0744
Set-nxMode -Path /tmp/tmpjBneMD.tmp -Mode '0744' -Recurse -WhatIf # chmod -R 0744
Set-nxMode -Path /tmp/tmpjBneMD.tmp -Mode 744 -Recurse -Whatif # chmod -R 0744
# Get the other groups the members of the tape group are member of
Get-nxLocalGroup tape | Get-nxLocalUser | Get-nxLocalUserMemberOf
Set-nxOwner -Path /tmp/tmpjBneMD.tmp -Owner (whoami) # chown gcolas /tmp/tmpjBnedMD.tmp
Set-nxGroupOwnership -Path /tmp/testdir -Recurse -Group users -RecursivelyTraverseSymLink
Where can I find more?
All of the above information plus more details about nxtools can be found in our nxtools GitHub repo README.
Learn more about Machine Configuration in the documentation.
Please note that the use of Automanage Machine Configuration on Azure Arc-enabled servers will incur a charge of $6/server/month. You only pay the charge once no matter how many machine configuration policies you apply to the server. If policies are assigned by Microsoft Defender for Servers Plan 2 or the policy is an Azure Security Benchmark, no charges will be incurred. Additionally, if Azure Change Tracking or Inventory Management are being used or the server is on Azure Stack HCI with Connected Machine agent version 1.13, no charges will be incurred.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.