Azure
/
azure-osconfig
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Updating the documentation (#565)

This commit is contained in:
Marius Niculescu 2023-10-13 13:29:16 -07:00 коммит произвёл GitHub
Родитель 2f8d5e1dea
Коммит 6413ca40b6
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
5 изменённых файлов: 16 добавлений и 34 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
CONTRIBUTING.md
Просмотреть файл

@ -1,6 +1,6 @@
# Introduction
Azure Device OS Configuration (OSConfig) is a modular services stack running on a Linux IoT Edge device that facilitates remote device management over Azure as well from local management authorities. OSConfig contains a PnP Agent, a Management Platform (Modules Manager) and several Management Modules. For more information on OSConfig see [OSConfig North Star Architecture](docs/architecture.md) and [OSConfig Roadmap](docs/roadmap.md).
Azure Device OS Configuration (OSConfig) is a modular configuration stack for Linux Edge devices. OSConfig supports multi-authority device management over Azure and Azure Portal/CLI (via Azure PnP, IoT Hub, Azure Policy), GitOps, as well as local management (such as from Out Of Box Experience, OOBE). For more information on OSConfig see [OSConfig North Star Architecture](docs/architecture.md).
# Code of conduct
@ -8,18 +8,7 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
# Contributing
We welcome contributions to OSConfig. The main way of contributing to and extending OSConfig is via developing new **Management Modules**. See [OSConfig Management Modules](docs/modules.md).
Contributions to OSConfig can happen in one of the following ways:
Contribution | Where | Pull request implications
-----|-----|-----
Adding a new fully decoupled OSConfig Management Module | New /src/modules/<modulename> | The most common type of contribution to OSConfig. Pull requests that add a new module without changes in other components are the easiest ones to get approved.
Modifying an existing OSConfig Management Module | Existing /src/modules/<modulename> | For example, when upgrading the version of an existing module. Similar to previous kind of requests.
Adding new and/or changing multiple OSConfig Management Modules at once | /src/modules/ | Generally not recommended. Such pull requests may be accepted if the change is simple enough to warrant a bulk request. It is recommended to split into separate pull request for each module.
Adding a new OSConfig Management Module with changes into the OSConfig Management Platform, the OSConfig Adapters or the common libraries | /src/modules/, /src/platform/, /src/adapters/, /src/common/ | Generally not recommended. Such pull requests require special review and approval from the core team and may be approved on a case by case basis.
Adding a new and/or changing an existing feature of the OSConfig Management Platform, the OSConfig Agent and/or the common libraries | /src/platform/, /src/adapters/, /src/common/ | Generally not recommended. Such pull requests require special review and approval from the core team and may be approved on a case by case basis. If the proposed change follows the current [OSConfig North Star Architecture](architecture.md) and [OSConfig Roadmap](roadmap.md) that increases the chance of approval.
Changing or adding to the documentation | *, /docs/ | Generally not recommended. Such pull requests require special review and approval from the core team and may be approved on a case by case basis.
We welcome contributions to OSConfig. The main way of contributing to and extending OSConfig is via developing new **Management Modules**. For more information see [OSConfig Management Modules](docs/modules.md).
Pull requests with few exceptions must contain appropriate unit-tests. We cannot allow test coverage to go down. Pull requests containing code changes without accompanying unit tests may be rejected.

7
README.md
Просмотреть файл

@ -2,11 +2,9 @@
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE.md)
Azure Device OS Configuration (OSConfig) is a modular services stack running on a Linux Edge device that facilitates remote device management over Azure as well from local management authorities.
Azure Device OS Configuration (OSConfig) is a modular configuration stack for Linux Edge devices. OSConfig supports multi-authority device management over Azure and Azure Portal/CLI (via Azure PnP, IoT Hub, Azure Policy), GitOps, as well as local management (such as from Out Of Box Experience, OOBE).
OSConfig contains an Agent, a Management Platform and several Management Modules. The Agent contains two management authority adapters, including a PnP Agent for IoT Hub and DigitalTwins and a Watcher for local RC/DC and GitOps DC. The Agent runs in one daemon process. The Platform and Modules run in another daemon process.
For more information on OSConfig see [OSConfig North Star Architecture](docs/architecture.md), [OSConfig Roadmap](docs/roadmap.md) and [OSConfig Management Modules](docs/modules.md).
For more information on OSConfig see [OSConfig North Star Architecture](docs/architecture.md) and [OSConfig Management Modules](docs/modules.md).
For our code of conduct and contributing instructions see [CONTRIBUTING](CONTRIBUTING.md). For our approach to security see [SECURITY](SECURITY.md).
@ -60,6 +58,7 @@ Source | Destination | Description
[src/adapters/pnp/daemon/osconfig.service](src/adapters/pnp/daemon/osconfig.service) | /etc/systemd/system/osconfig.service | The service unit for the OSConfig Agent
[src/platform/daemon/osconfig-platform.service](src/platform/daemon/osconfig-platform.service) | /etc/systemd/system/osconfig-platform.service | The service unit for the OSConfig Platform
[src/adapters/pnp/daemon/osconfig.toml](src/adapters/pnp/daemon/osconfig.toml) | /etc/aziot/identityd/config.d/osconfig.toml | The OSConfig Module configuration for AIS
[src/modules/securitybaseline/](src/modules/securitybaseline/) | /usr/lib/osconfig/securitybaseline.so | The SecurityBaseline module binary
[src/modules/deviceinfo/](src/modules/deviceinfo/) | /usr/lib/osconfig/deviceinfo.so | The DeviceInfo module binary
[src/modules/configuration/](src/modules/configuration/) | /usr/lib/osconfig/configuration.so | The Configuration module binary
[src/modules/commandrunner/](src/modules/commandrunner/) | /usr/lib/osconfig/commandrunner.so | The CommandRunner module binary

22
docs/architecture.md
Просмотреть файл

@ -4,7 +4,7 @@ Author: [MariusNi](https://github.com/MariusNi)
# 1. Introduction
Azure Device OS Configuration (OSConfig) is a modular configuration stack for Ubuntu/Debian/Mariner Light Edge devices. OSConfig supports multi-authority device management over Azure and Azure Portal/CLI (via Azure PnP, IoT Hub, Azure Policy), GitOps, as well as local management (such as from OOBE).
Azure Device OS Configuration (OSConfig) is a modular configuration stack for Linux Edge devices. OSConfig supports multi-authority device management over Azure and Azure Portal/CLI (via Azure PnP, IoT Hub, Azure Policy), GitOps, as well as local management (such as from Out Of Box Experience, OOBE).
<img src="assets/bigpicture.png" alt="OSConfig" width=80%/>
@ -29,7 +29,7 @@ In general:
- If orchestrated functionality of multiple modules is needed, the Platform can be invoked over MPI.
- If remote reach over Azure and IoT Hub is needed, only then the Agent becomes necessary.
The main way of contributing to and extending OSConfig is via developing new [OSConfig Management Modules](modules.md).
The main way to extend OSConfig is via developing new [OSConfig Management Modules](modules.md).
# 2. Overall OSConfig Architecture
@ -313,20 +313,14 @@ In general, we can adapt OSConfig Management Modules to MC and Azure Policy by f
A new kind of OSConfig Management Module can be added: an Orchestrator Module loads other modules and execute combination of standard OSConfig module scenarios, without dealing itself with any direct OS configuration. There can be one or multiple Orchestrator Modules, each one of them using a different combination of standard modules, and/or using same modules but in different ways. The power of Orchestrator Modules is that they can wrap more complex scenarios in simple MIM models and thus work better with Azure Policy.
# 6. OSConfig Native Resource Provider (NRP)
# 6. OSConfig Universal Native Resource Provider (NRP)
The OSConfig Native Resource Provider is an univeral NRP that links OSConfig to the [Azure Automanage Machine Configuration (MC)](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/).
The OSConfig Universal Native Resource Provider adapter links OSConfig to the [Azure Automanage Machine Configuration (MC)](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/).
Using MC and this NRP, we can create Azure Policies that will automatically target for compliance audit or remediation all Arc devices in a particular Azure subscription or Azure resource group. Each Azure Policy can audit/remediate one read-write pair of MIM settings and multiple Policies can audit/remediate multiple read-write pairs of MIM settings, aka whole device configuration.
Using MC and the OSConfig Universal NRP, we can create Azure Policies that automatically target for compliance audit or remediation all Arc devices in a particular Azure subscription or Azure resource group.
The NRP can have resource class parameters such as:
The Universal NRP is currently used with the SecurityBaseline module to audit and remediate the [Azure Security Baseline for Linux](https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-linux). In the future the Universal NRP could be used for other scenarios.
- Component (for Set/Get/Audit): the name of the MIM component/object.
- DesiredObject (for Set/Audit): the name of the desired MIM object/setting.
- DesiredValue (for Set/Audit): the value of the desired MIM object/setting.
- ReportedObject (for Get/Audit): the name of the reported MIM object/setting.
- ReportedValue (for Get/Audit): the value of the reported MIM object/setting.
<img src="assets/5_guestconfig.png" alt="OSConfig NRP" width=70%/>
Last two are not used by Azure Policy, can be omitted from the resource class parameters and only used internally for auditing.
<img src="assets/5_guestconfig.png" alt="OSConfig NRP" width=70%/>
For more information see [src/adapters/mc/README.md](../src/adapters/mc/README.md) and [src/modules/securitybaseline/README.md](../src/modules/securitybaseline/README.md).

Двоичные данные
docs/assets/5_guestconfig.png
Просмотреть файл

Двоичный файл не отображается.
Режим "рядом" Свайп Оверлей

До

Ширина:  |  Высота:  |  Размер: 508 KiB

После

Ширина:  |  Высота:  |  Размер: 494 KiB

6
src/adapters/mc/README.md
Просмотреть файл

@ -11,11 +11,11 @@ To regenerate code, see [codegen.cmd](codegen.cmd).
> **Warning**
> Regenerating code will overwrite all customizations and additions specific to OSConfig.
## 3. Building the OSConfig NRP
## 3. Building the OSConfig Universal NRP
The OSConfig NRP binary (libOsConfigResource.so) is built with rest of OSConfig.
The OSConfig Universal NRP binary (libOsConfigResource.so) is built with rest of OSConfig.
## 4. Validating the OSConfig NRP locally with PowerShell and the MC Agent
## 4. Validating the OSConfig Universal NRP locally with PowerShell and the MC Agent
Follow the instructions at [How to set up a machine configuration authoring environment](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/machine-configuration-create-setup).