How to add the following custom extension to run the PowerShell script in an already existing VM? How to refer to the existing VM?
{
  "condition": "[empty(parameters ('DR User Secret'))]",
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "name": "[concat(parameters('vmName'),'/', 'customscript')]",
  "apiVersion": "2015-06-15",
  "location": "[resourceGroup().location]",
  "properties": {
    "publisher": "Microsoft.Compute",
    "type": "CustomScriptExtension",
    "typeHandlerVersion": "1.9",
    "autoUpgradeMinorVersion": true,
    "settings": {
      "fileUris": [
      ]
    },
    "protectedSettings": {
      "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -file ', 'C:\\test.ps1', ' -AdminPass ', parameters('Password'))]"
    }
  }
}
Here is an alternate way you may also try.
I created a VM using the ARM template.
Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/ps-template
I then used the following command, which uses the Custom Script extension to download a script from a GitHub repository onto the target virtual machine and then run the script.
fileUris: The locations where the script files are stored.
Set-AzVMCustomScriptExtension -ResourceGroupName "v-rash18" -VMName "SampleVM" -Name "myCustomScript" `
  -FileUri "https://raw.githubusercontent.com/neilpeterson/nepeters-azure-templates/master/windows-custom-script-simple/support-scripts/Create-File.ps1" `
  -Run "Create-File.ps1" -Location "Central US"
Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows#run-vm-extensions
The command to check that the extension is set on the existing VM is Get-AzVMExtension.
How can we create a Windows VM image with RDP disabled for VMs created from that image? I want to publish an RDP-hardened image.
You can do this with a Custom Script Extension for Windows.
Create a PowerShell script which disables RDP and reference it:
{
  "fileUris": ["https://mystorage.blob.core.windows.net/privatecontainer/script1.ps1"],
  "commandToExecute": "powershell.exe script1.ps1",
  "managedIdentity": {}
}
PowerShell script to disable RDP in the registry:
Invoke-Command -Computername "customname" -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1}
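A local version of the RDP-disabling script with a verification step, as an added example (not code from the original answer): under the Custom Script Extension the script already runs on the target VM, so it writes the registry value directly and then checks the result. The firewall display group name assumes an English-language Windows installation.

```powershell
# script1.ps1 (added example): executed on the VM itself by the Custom Script Extension.
$tsKey = "HKLM:\System\CurrentControlSet\Control\Terminal Server"

# 1 = deny Remote Desktop connections (same value as in the one-liner above).
Set-ItemProperty -Path $tsKey -Name "fDenyTSConnections" -Value 1 -Type DWord

# Assumption: English display group name. Also disable the inbound RDP firewall rules
# so the port is closed even if the registry value is later flipped back.
Disable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue

# Verify both settings instead of trusting that the writes succeeded.
$deny = (Get-ItemProperty -Path $tsKey -Name "fDenyTSConnections").fDenyTSConnections
$openRules = @(Get-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq "True" -and $_.Direction -eq "Inbound" })

if ($deny -ne 1 -or $openRules.Count -gt 0) {
    Write-Error "RDP hardening incomplete: fDenyTSConnections=$deny, enabled inbound rules=$($openRules.Count)"
    exit 1   # non-zero exit code lets the caller detect the failure
}
Write-Output "RDP disabled: fDenyTSConnections=1, no enabled inbound Remote Desktop firewall rules"
```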
I have a simple configuration that I am trying to apply to an Azure VM using the PowerShell DSC extension:
Configuration DSCTest
{
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Node "localhost"
    {
        File ESETInstaller
        {
            Type = 'Directory'
            DestinationPath = 'C:\ESETInstaller'
            Ensure = "Present"
        }
    }
}
DSCTest
I've published this using
Publish-AzVMDscConfiguration "D:\Test\DSCTest.ps1" -OutputArchivePath "D:\Test\DSCTest.ps1.zip"
and then I uploaded this zip file in Azure BLOB storage.
After that, I tried to apply this configuration to a VM using the following command:
Set-AzVMDscExtension -ResourceGroupName 'TestDSC' -VMName 'TestDSCVM' -ArchiveStorageAccountName 'test***********' -ArchiveResourceGroupName '******' -ConfigurationName $configurationName -ArchiveBlobName "DSCTest.ps1.zip" -ArchiveContainerName 'dsc' -Name "DSCTest" -Version 2.76
In the target machine, I can see that the DSC folder appears
But on the console I get the error:
Although, I am able to successfully apply the configuration in the target machine by manually executing the command from inside that VM.
Please let me know if anyone has ever faced this issue before. Thanks.
The logs inside the target machine showed that the issue is with the execution policy.
In my script I changed "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned" to "Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope CurrentUser -Force" and it worked fine.
To do this with a script that is publicly available is no problem, using:
$publicSettings = @{
    "fileUris" = (,"$uri");
    "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File azure_cse_vm_initial_script.ps1 $argument"
}
Write-Host " ==> Add-AzureRmVmssExtension"
Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss `
    -Name "customScript" `
    -Publisher "Microsoft.Compute" `
    -Type "CustomScriptExtension" `
    -TypeHandlerVersion 1.8 `
    -Setting $publicSettings
But how to do in case I use a storage account with a blob container? Can the access key be added to the Settings object? But how? And what to use for the URL.
The script I want to run should not be publicly accessible because it is the installation script of my application.
Thanks,
Daniel
I would create a shared access signature for that script (see Using shared access signatures). Then you can simply add the SAS token to the URI. E.g.:
https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2015-04-05&st=2015-04-29T22%3A18%3A26Z&se=2015-04-30T02%3A23%3A26Z&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D
You could also use storage account name and storage account key to download the script: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows#extension-schema
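The storage-account-key approach from the schema linked above, as an added example that is not part of the original answers: the account name, key and command line go in the extension's protected settings, which are encrypted and decrypted only on the VM, while public settings carry just the blob URL. The resource names, the sample argument and the helper Test-CsePublicSettings are hypothetical.

```powershell
# Added example. Resource names are placeholders; assumes the AzureRM modules and a logged-in session.
$rgName      = "my-rg"
$vmssName    = "my-vmss"
$storageName = "mystorage"
$container   = "privatecontainer"
$scriptName  = "azure_cse_vm_initial_script.ps1"
$argument    = "-Environment test"   # constructed sample argument

# Hypothetical helper: refuse public settings that would expose a secret,
# because public settings are stored and returned by the API in clear text.
function Test-CsePublicSettings([hashtable]$Settings) {
    $problems = @()
    if ($Settings.ContainsKey("commandToExecute")) {
        $problems += "commandToExecute is in public settings (its arguments are readable)"
    }
    foreach ($u in @($Settings["fileUris"])) {
        if ($u -match "[?&]sig=") { $problems += "fileUris entry carries a SAS signature: $($u.Split('?')[0])" }
    }
    return ,$problems
}

# Fetch the key at deploy time instead of hard-coding it in the script.
$key = (Get-AzureRmStorageAccountKey -ResourceGroupName $rgName -Name $storageName)[0].Value

# Public settings: only the plain blob URL, no SAS token and no key.
$publicSettings = @{ "fileUris" = @("https://${storageName}.blob.core.windows.net/$container/$scriptName") }

# Protected settings: credentials and the command line with its arguments.
$protectedSettings = @{
    "storageAccountName" = $storageName
    "storageAccountKey"  = $key
    "commandToExecute"   = "powershell -ExecutionPolicy Unrestricted -File $scriptName $argument"
}

$problems = Test-CsePublicSettings $publicSettings
if ($problems.Count -gt 0) { throw ($problems -join "; ") }

$vmss = Get-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $vmssName
$vmss = Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss `
    -Name "customScript" -Publisher "Microsoft.Compute" -Type "CustomScriptExtension" `
    -TypeHandlerVersion 1.8 -Setting $publicSettings -ProtectedSetting $protectedSettings
Update-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $vmssName -VirtualMachineScaleSet $vmss
```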
I am trying to create a VM on Azure using a PowerShell script in Azure Automation. This VM is to be created from the marketplace, so I need to use the cmdlet 'Set-AzureRmVMPlan' in my script.
$vm = New-AzureRmVMConfig -VMName $inVMName -VMSize $vmSize
Set-AzureRmVMPlan -VM $vm -Publisher "kali-linux" -Product "kali-linux" -Name "kali"
This script works fine when I run it from PowerShell ISE; however, when I put this command in an Azure Automation Runbook, Azure doesn't recognize this command. I get the error below:
Set-AzureRmVMPlan : The term 'Set-AzureRmVMPlan' is not recognized as
the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try
again.
At restore-vhd-backups:8 char:8
CategoryInfo : ObjectNotFound: (Set-AzureRmVMPlan:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
So I investigated further and found that this command is not available in the cmdlet list on the "Edit PowerShell Runbook" page (see below image).
I also got to know that this cmdlet was added to Azure PowerShell last year, from the link below:
How to include "Plan information" when creating ARM VM from a captured image using Powershell?
Can someone help me on this?
What is happening here is that Azure Automation uses the old version of the module; you have to go to Azure Automation Blade > Assets > Modules > Browse Gallery and reimport AzureRM.Profile and AzureRM.Compute.
I have a new subscription to Azure but have existing VMs in a prior subscription. What is the easiest/best way to move my VMs to the new subscription?
Thanks for reading.
I don't know if there's another option, but you can do this with PowerShell:
# Copy a virtual machine to a different subscription (no VNET)
.\vmcopy.ps1 -SourceSubscription "source subscription" `
-DestinationSubscription "destination subscription" `
-VirtualMachineName "existingvmname" `
-SourceServiceName "sourcecloudservice" `
-DestinationServiceName "destinationcloudservice" `
-DestinationStorageAccount "destinationstorageaccount" `
-Location "West US"
# Copy a virtual machine to a different subscription and specify an existing virtual network and subnet.
.\vmcopy.ps1 -SourceSubscription "source subscription" `
-DestinationSubscription "destination subscription" `
-VirtualMachineName "existingvmname" `
-SourceServiceName "sourcecloudservice" `
-DestinationServiceName "destinationcloudservice" `
-DestinationStorageAccount "destinationstorageaccount" `
-VNETName "DestinationVNET" `
-SubnetName "DestinationSubnet"
Source / more info
http://michaelwasham.com/2014/01/21/copy-a-windows-azure-virtual-machine-between-subscriptions/
For those who wonder if there is a better option: Yes, there is.
When you want to move instead of copy (as Thiago suggested) you should do the following:
Create a JSON file with this content:
{
  "targetResourceGroup": "/subscriptions/<TARGET-SUBSCRIPTION-ID>/resourceGroups/<TARGET-RESOURCEGROUP-NAME>",
  "resources": [
    "<SOURCE-RESOURCE-ID>"
  ]
}
Note that you may have multiple resources which belong to a VM: VM, cloudservice, storage account, VNet, reserved IP, ...
You need to add the resource IDs of all these resources into the JSON above.
Then you can run:
armclient post https://management.azure.com/subscriptions/<SOURCE-SUBSCRIPTION-ID>/resourceGroups/<SOURCE-RESOURCEGROUP>/moveResources?api-version=2015-01-01 @<PATH_TO_JSON> -verbose
on your command line. You will need armclient, which you can install by using choco:
choco install armclient