Provisioning Script using CustomScriptExtension on Windows2019 Fails - azure

I'm trying to wrap my brain around an issue with either the TF Code, or me. I've got a VM Set that I'm mapping over, and on each one, I have a CustomScriptExtension that should install Docker on the VMs.
When I run the plan, it builds the VMs, and the Custom Script runs; however, when I RDP into the machine and attempt a docker info, it's telling me that docker isn't installed.
A quick cursory glance of C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.*\Downloads\ shows that the installer script is indeed being downloaded, but it doesn't seem to be installing.
Here's the AzureRM Resource (Sanitized):
resource "azurerm_virtual_machine_extension" "bootstrap-scripts" {
  for_each = local.XXXXXX
  name = "${each.key}-bootstrap"
  virtual_machine_id = module.XXXXXXXX[each.key].virtual_machine_id
  publisher = "Microsoft.Compute"
  type = "CustomScriptExtension"
  type_handler_version = "1.10"
  settings = <<SETTINGS
{
  "commandToExecute" : "powershell -ExecutionPolicy Unrestricted -File install-docker-ce.ps1",
  "fileUris" : ["https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1"]
}
SETTINGS
}
And the output from the log at C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension
[
{
"version":"1",
"timestampUTC":"2022-10-21T20:03:44.6989395Z",
"status":{"name":"powershell -ExecutionPolicy Unrestricted -File install-docker-ce.ps1",
"operation":"Command Execution Finished",
"status":"success",
"code":0,
"formattedMessage":{
"lang":"en-US",
"message":"Command execution finished"
},
"substatus":[
{
"name":"StdOut",
"status":"success",
"code":0,"formattedMessage":{
"lang":"en-US",
"message":"Querying status of Windows feature: Containers...\r\nEnabling feature Containers...\r\nWARNING: You must restart this server to finish the installation process.\r\nRestart is required; restarting now...\r\nCreating scheduled task action (C:\\Packages\\Plugins\\Microsoft.Compute.CustomScriptExtension\\1.10.12\\Downloads\\0\\install-docker-ce.ps1 )...\r\nCreating scheduled task trigger...\r\nRegistering script to re-run at next user logon...\r\n"
}
},
{
"name":"StdErr",
"status":"success",
"code":0,
"formattedMessage":{
"lang":"en-US",
"message":"Register-ScheduledTask : No mapping between account names and security IDs was done.\r\n(12,8):UserId:\r\nAt C:\\Packages\\Plugins\\Microsoft.Compute.CustomScriptExtension\\1.10.12\\Downloads\\0\\install-docker-ce.ps1:150 char:5\r\n+ Register-ScheduledTask -TaskName $global:BootstrapTask -Action $a ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (PS_ScheduledTask:Root/Microsoft/...S_ScheduledTask) [Register-ScheduledTa \r\n sk], CimException\r\n + FullyQualifiedErrorId : HRESULT 0x80070534,Register-ScheduledTask\r\n \r\n"
}
}
]
}
}
]
From what I'm reading, it seems to set up the scheduled task to reboot the server, but it looks like it never does? However, even after a manual restart, it's still not installed.
Can anyone shed some light on this?
EDIT: I forgot to mention that I cannot use anything out of the Azure Public Marketplace, in case someone wanted to mention using a premade image. I am relegated to using images that are stored in our private collection.
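The status log in this question reports "status":"success" and "code":0 while its StdErr substatus carries a Register-ScheduledTask failure, so the extension's result alone is not a reliable provisioning health check. The following is an added example, not part of the original post: it parses a CustomScriptExtension status document and flags runs whose StdErr is non-empty despite a success code. The function name is hypothetical, the sample is a constructed, shortened copy of the log above, and the "resume_lost" check is keyed to the two messages seen in that log.

```python
import json
import re

# Constructed sample: a shortened copy of the status log quoted above.
SAMPLE_STATUS = r'''[{"version": "1", "timestampUTC": "2022-10-21T20:03:44.6989395Z", "status": {
  "name": "powershell -ExecutionPolicy Unrestricted -File install-docker-ce.ps1",
  "operation": "Command Execution Finished", "status": "success", "code": 0,
  "substatus": [
    {"name": "StdOut", "status": "success", "code": 0, "formattedMessage": {"lang": "en-US",
     "message": "Restart is required; restarting now...\r\nRegistering script to re-run at next user logon...\r\n"}},
    {"name": "StdErr", "status": "success", "code": 0, "formattedMessage": {"lang": "en-US",
     "message": "Register-ScheduledTask : No mapping between account names and security IDs was done.\r\n    + FullyQualifiedErrorId : HRESULT 0x80070534,Register-ScheduledTask\r\n"}}]}}]'''

ERROR_ID = re.compile(r"FullyQualifiedErrorId\s*:\s*(.+)")
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}")


def triage_cse_status(text):
    """Return a finding for every status entry whose StdErr stream is non-empty."""
    findings = []
    for entry in json.loads(text):
        status = entry.get("status", {})
        # Map each substatus stream name (StdOut, StdErr) to its message text.
        streams = {s.get("name"): s.get("formattedMessage", {}).get("message", "")
                   for s in status.get("substatus", [])}
        stdout, stderr = streams.get("StdOut", ""), streams.get("StdErr", "").strip()
        if not stderr:
            continue
        findings.append({
            "command": status.get("name"),
            "reported_status": status.get("status"),
            "reported_code": status.get("code"),
            # The handler said success/0 even though the script wrote errors.
            "masked_failure": status.get("status") == "success" and status.get("code") == 0,
            "first_error": stderr.splitlines()[0].strip(),
            "error_ids": [m.strip() for m in ERROR_ID.findall(stderr)],
            "hresults": sorted(set(HRESULT.findall(stderr))),
            # The script announced a re-run task, but registering it failed.
            "resume_lost": "re-run" in stdout and "Register-ScheduledTask" in stderr,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_cse_status(SAMPLE_STATUS):
        print(json.dumps(finding, indent=2))
```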

Related

Virtual Machine Extension in Terraform, error due to Version

Below is the script. Trying on a Windows machine.
resource "azurerm_virtual_machine_extension" "VMextn1" {
  name = "avmextn1"
  virtual_machine_id = azurerm_windows_virtual_machine.vm.id
  publisher = "Microsoft.Compute"
  type = "CustomScriptExtension"
  type_handler_version = "1.10"
  auto_upgrade_minor_version = true
  settings = <<SETTINGS
{
  "fileUris": ["https://storageforiotscripts.blob.core.windows.net/nodejsscript/installNodeJS.ps1"],
  "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file installNodeJS.ps1"
}
SETTINGS
}
Tried changing versions to 1.1, 1.5, 1.9, 2.0... and also auto_upgrade_minor_version to false.
It's throwing the following error in the image attached: Cannot update handler version or autoUpgradeMinorVersion, and a conflict of other extensions with typeHandler version 1.9 and autoUpgradeMinorVersion = false:
According to my research, it is not a version error; it is an extension and resource name error.
ErrorMessage: Cannot update handlerVersion or autoUpgradeMinorVersion for VM extension 'CustomScriptExtension'. Change is in conflict with other extensions under handler 'Microsoft.Compute.CustomScriptExtension', with typeHandler version '1.9' and autoUpgradeMinorVersion 'False'.
The above error indicates Custom Script Extension has already been installed as a resource name on the virtual machine.
You might be giving CustomScriptExtension a different resource name than Microsoft.Compute.CustomScriptExtension.
- Ensure that the resource name is correct. The resource name can be anything. But if the Custom Script Extension has already been set up, you can use the same extension for further steps of execution, or else you can remove the previous extension if you are using a new or different extension.
Reference:
Debug PowerShell scripts run by Custom Script Extension or Run Command - Virtual Machines | Microsoft Docs

"Future#WaitForCompletion" while running a powershell script from GitHub - Terraform

I have a PowerShell script present in GitHub and am using it in the "Settings" block inside "azurerm_virtual_machine_extension" to configure the Windows Server VM. Below is the code.
resource "azurerm_virtual_machine_extension" "iis-windows-vm" {
  depends_on = [azurerm_windows_virtual_machine.web-windows-vm]
  name = "win-${random_string.random-win-vm.result}-vm-extn"
  virtual_machine_id = azurerm_windows_virtual_machine.web-windows-vm.id
  publisher = "Microsoft.Compute"
  type = "CustomScriptExtension"
  type_handler_version = "1.9"
  settings = <<SETTINGS
{
  "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File demo.ps1",
  "fileUris": ["https://raw.githubusercontent.com/Configure/app/master/demo.ps1"]
}
SETTINGS
}
And below is the content of "demo.ps1":
New-LocalUser "ansible" -Password (ConvertTo-SecureString -AsPlainText -Force ) -AccountNeverExpires:$true -PasswordNeverExpires:$true -FullName "ansible" | Add-LocalGroupMember -Group administrators
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools
When I do "terraform apply", below error is displayed.
Error: Future#WaitForCompletion: context has been cancelled: StatusCode=200 -- Original Error: context deadline exceeded
The code was working fine until now. Not able to figure out the problem here. Request you assist me to make this work.
The error Original Error: context deadline exceeded means that we ran into a situation where a given action was not completed in an expected timeframe.
So there can be a handful of reasons why you are encountering the execution timeout, like network latency, slow I/O, firewall rules and many more. One possible reason, I think, is that the URL is not responding as expected or it's taking too much time to respond.
Before being able to solve the problem, you need to determine what is actually failing. I would suggest checking the detailed Terraform log file to find the reason for the timeout.
But if, even after checking, you find everything is good and you are still facing the issue, then with v2.0 of the AzureRM Provider it is possible to add custom timeouts using a timeouts block, as shown in the example snippet below.
resource "azurerm_resource_group" "example" {
  name = "example-resource-group"
  location = "West Europe"
  timeouts {
    create = "10m"
    delete = "30m"
  }
}
For more information check this Custom Timeouts for Resources section of the terraform document.

Running Powershell script in Terraform module

Am currently running some Terraform to create resources in Azure. We have a module we have written to create a resource group with a bunch of variables. The provider currently does not allow the creation of budgets and cost alerts but the Powershell modules do. I thought we could then add a Powershell script to carry out the settings. I seem to be hitting a snag where I cannot quite work out how to address the Powershell script. I have the following:
resource "null_resource" "PowerShellScriptRunAlways" {
  triggers = {
    always_run = "${timestamp()}"
  }
  provisioner "local-exec" {
    command = ".'${path.module}//pwsh//costalert.ps1 -subscriptionID \"${var.azure_subscription_id}\" -tenantID \"${var.azure_tenant_id}\" -clientID \"${var.azure_client_id}\" -clientSecret \"${var.azure_client_secret}\" -budgetAmount \"${var.budgetAmount}\" -rgName \"${azurerm_resource_group.this.name}\" -emailAddresses \"${var.emailAddresses}\"'"
    interpreter = ["pwsh", "-Command"]
  }
}
Using pwsh as this is running on a Linux Jenkins agent. This is part of a module where the ps1 file is under "root module directory/pwsh" but it seems to yield the following:
Error: Error running command '.'.terraform/modules/rg_test\pwsh\costalert.ps1 -subscriptionID "xxxxx" -tenantID "xxxxxxx" -clientID "xxxxxx" -clientSecret "xxxxx" -budgetAmount "1000" -rgName "rg-da_test-sbxeng-001" -emailAddresses "xxxxxx"'': exit status 1. Output: . : The module '.terraform/modules/rg_test' could not be loaded. For more information, run 'Import-Module .terraform/modules/rg_test
+ .'.terraform/modules/rg_test\pwsh\costalert.ps1 -subscriptionID
It seems to be switching the path but cannot seem to make it pick up the script and run it. Does anyone have any suggestions?
Isn't this a quoting issue?
I can successfully execute this pwsh null resource from a terraform module in an Azure DevOps linux agent. Note that only the script path is single quoted, while in your example you've got the whole command single quoted.
resource "null_resource" "create_sql_user" {
  provisioner "local-exec" {
    command = ".'${path.module}\\scripts\\create-sql-user.ps1' -password \"${random_password.sql_password.result}\" -username \"${var.sql_username}\" -sqlSaConnectionString \"${var.sql_server_connectionstring}\" -databaseName \"${azurerm_sql_database.db.name}\" "
    interpreter = ["pwsh", "-Command"]
  }
  depends_on = [azurerm_sql_database.db]
}

Error while applying configuration using PowerShell DSC VM extension : "Compilation errors occurred while processing configuration"

I have a simple configuration that I am trying to apply to an Azure VM using PowerShell DSC extension
Configuration DSCTest
{
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Node "localhost"
    {
        File ESETInstaller
        {
            Type = 'Directory'
            DestinationPath = 'C:\ESETInstaller'
            Ensure = "Present"
        }
    }
}
DSCTest
I've published this using
Publish-AzVMDscConfiguration "D:\Test\DSCTest.ps1" -OutputArchivePath "D:\Test\DSCTest.ps1.zip"
and then I uploaded this zip file in Azure BLOB storage.
After that, I tried to apply this configuration to a VM using the following command:
Set-AzVMDscExtension -ResourceGroupName 'TestDSC' -VMName 'TestDSCVM' -ArchiveStorageAccountName 'test***********' -ArchiveResourceGroupName '******' -ConfigurationName $configurationName -ArchiveBlobName "DSCTest.ps1.zip" -ArchiveContainerName 'dsc' -Name "DSCTest" -Version 2.76
In the target machine, I can see that the DSC folder appears
But on the console I get the error:
Although, I am able to successfully apply the configuration in the target machine by manually executing the command from inside that VM.
Please let me know if anyone has ever faced this issue before. Thanks.
The logs inside the target machine showed that the issue is with the execution policy.
In my script I changed "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned" to "Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope CurrentUser -Force" and it worked fine.

Azure DevOps build pipeline with hosted agent failing

I am pretty new to Azure and TFS and related. So please excuse me if I mix up the terms here.
I am testing the capabilities of Microsoft Team Foundation Server with an on-premise installation. I am not the admin of the server itself, I have admin access to one of the projects inside.
I have a git repo with some python code in this project and I am trying to set up a CI build pipeline for this. I am also manually configuring an agent to run this build pipeline. For the time being, I am configuring the Windows machine that I am working on to run as an agent. I was able to set it up to listen for jobs and also it picks up the job when submitted from the TFS server. (I am running the agent from a cmd.exe window)
However, I couldn't get it to do even the simplest of command line tasks as part of the build pipeline.
Below is the output of where python:
2019-08-27T14:41:15.1614046Z ##[section]Starting: Find python version
2019-08-27T14:41:15.1623937Z ==============================================================================
2019-08-27T14:41:15.1624042Z Task : Command Line
2019-08-27T14:41:15.1624091Z Description : Run a command line script using cmd.exe on Windows and bash on macOS and Linux.
2019-08-27T14:41:15.1624157Z Version : 2.146.1
2019-08-27T14:41:15.1624203Z Author : Microsoft Corporation
2019-08-27T14:41:15.1624258Z Help : [More Information](https://go.microsoft.com/fwlink/?LinkID=613735)
2019-08-27T14:41:15.1625058Z ==============================================================================
2019-08-27T14:41:15.6151701Z Cannot invoke method. Method invocation is supported only on core types in this language mode.
2019-08-27T14:41:15.6151921Z At line:1 char:1
2019-08-27T14:41:15.6151968Z + . ([scriptblock]::Create('if (!$PSHOME) { $null = Get-Item -LiteralPa ...
2019-08-27T14:41:15.6152019Z + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2019-08-27T14:41:15.6152077Z + CategoryInfo : InvalidOperation: (:) [], RuntimeException
2019-08-27T14:41:15.6152123Z + FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
2019-08-27T14:41:15.6152156Z
2019-08-27T14:41:17.7569608Z Cannot invoke method. Method invocation is supported only on core types in this language mode.
2019-08-27T14:41:17.7569833Z At line:1 char:740
2019-08-27T14:41:17.7570630Z + ... Continue' ; Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create ...
2019-08-27T14:41:17.7571090Z + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2019-08-27T14:41:17.7572452Z + CategoryInfo : InvalidOperation: (:) [], RuntimeException
2019-08-27T14:41:17.7574051Z + FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
2019-08-27T14:41:17.7574178Z
2019-08-27T14:41:17.8271008Z ##[error]Exit code 1 returned from process: file name 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe', arguments '-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". ([scriptblock]::Create('if (!$PSHOME) { $null = Get-Item -LiteralPath ''variable:PSHOME'' } else { Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1'')) ; Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1'')) }')) 2>&1 | ForEach-Object { Write-Verbose $_.Exception.Message -Verbose } ; Import-Module -Name 'C:\TOOLS\agent\_work\_tasks\CmdLine_d9bafed4-0b18-4f58-968d-86655b4d2ce9\2.146.1\ps_modules\VstsTaskSdk\VstsTaskSdk.psd1' -ArgumentList @{ NonInteractive = $true } -ErrorAction Stop ; $VerbosePreference = 'SilentlyContinue' ; $DebugPreference = 'SilentlyContinue' ; Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create('. ''C:\TOOLS\agent\_work\_tasks\CmdLine_d9bafed4-0b18-4f58-968d-86655b4d2ce9\2.146.1\cmdline.ps1'''))"'.
2019-08-27T14:41:17.8301183Z ##[section]Finishing: Find python version
This command runs fine when I execute it from a commandline interactively in my machine.
Why is the PowerShell getting invoked when the pipeline runs? And why such a long command to execute something so simple?
Thanks in advance for any suggestions you can give.
The agent uses PowerShell behind the scenes, it looks like your IT put some security in the computers that blocked running some PowerShell scripts (maybe only it from remote).
Try to run it in your PowerShell:
$ExecutionContext.SessionState.LanguageMode
I guess you will get this output:
ConstrainedLanguage
If yes, try to switch it to FullLanguage:
$ExecutionContext.SessionState.LanguageMode = "FullLanguage"
If it doesn't help maybe it's also blocked, so you need to talk with IT that will change it or try to change the registry like explained here or set the environment variable __PSLockdownPolicy to 0.
