I am trying to SysPrep a VM in Azure via Azure DevOps YAML pipelines. In the same pipeline (previous stage), I am deploying the VM via Azure Resource Manager (ARM) templates and copying scripts and files to the machine. I want to automate the whole process so RDP'ing into the machine is not an option. When I run SysPrep on the VM, I am getting the following error message:
##[error]The remote session query failed for <insertMyFQDN>.eastus.cloudapp.azure.com with the following error message: Access is denied.
From my repo I have a couple of files, including a PowerShell script that SysPreps the machine (sysPrepvm.ps1) - taken from Run SysPrep remotely through commands from Azure powershell. The script works when I am logged in on the machine and run in manually.
sysPrepvm.ps1
$sysPrepPath = 'C:\Windows\System32\Sysprep\Sysprep.exe'
$arguments = '/generalize /oobe /shutdown /quiet'
Invoke-Command -ScriptBlock {param($sysPrepPath,$arguments) Start-Process -FilePath $sysPrepPath -ArgumentList $arguments} -ArgumentList $sysPrepPath,$arguments
I am using the built-in task in Azure DevOps, "Powershell on Target Machines", with which I am able to invoke other commands or scripts, so I am confident that the task works.
My Stage in the YAML Pipeline looks like this:
- stage:
displayName: SysPrep
variables:
azFQDN: $[stageDependencies.Connect.connect.outputs['SetEnvVars.azFQDN']]
jobs:
- job: SysPrepVhD
steps:
- task: PowerShellOnTargetMachines#3
inputs:
Machines: '$(azFQDN)' # FQDN on the machine
UserName: '$(adminUser)'
UserPassword: '$(adminPw)'
ScriptType: 'FilePath'
ScriptPath: 'C:\Windows\System32\Sysprep\fishtank\sysPrepvm.ps1'
Is there a limitation of running this remotely? I haven't been able to find a work-around yet, so any answer is greatly appreciated.
Edit
I have also tried running the script with -Verb RunAs, as an Inline script instead of File, as well as tried the accepted answer on the previous post:
Sysprep an Azure VM using PowerShell task in a pipeline
I managed to find a way using Custom Script Extension instead. I didn't think of doing this at first, since the ARM template I am using already has a Custom Script Extension on the machine to enable WinRM, and cannot have multiple Custom Script Extensions installed at the same time. Also, I didn't want to execute SysPrep as soon as the machine booted because it had to run other scripts and settings first. In my YAML pipeline, I managed to remove the existing one to redeploy a new Custom Script Extension with the script included.
I posted the entire solution on GitHub - https://github.com/Crytlig/azsysprep - for anyone in interested. It obviously needs a bit of cleaning but it works as is.
Related
I've got a very frustrating situation using the Azure CLI and attempting to replace the content of an Automation Account.
I am attempting to update it via a Azure DevOps pipeline AzureCLI#2 task. This is the script line i am calling
az automation runbook replace-content --debug --automation-account-name "${{ parameters.automationAccountName }}" --resource-group "${{ parameters.resourceGroup }}" --name "Schedule Summary" --content "`#temp.txt"
The issue i am having is the automation account runbook is updated, but the text is truncated. The contents of temp.txt is this -
Param(
[string]$resourceGroup ='',
[string]$UAMI ='',
[string]$serverInstance ='',
But the script that ends up in the runbook is simply
Param(
Its clearly breaking on CRLF but i can't figure out how to fix it. If i remove all CRLF then it appears as one line and the script then doesn't run.
I can tell where the problem is? Is the AzureCLI, powershell? or the devops task.
I've tried in my environment by adding Devops CLI extension in Azure bash and it worked for me successfully with the same parameters as yours.
I created a PS file in Az cloud itself and saved with the .ps1 extension as set the runbook type to PowerShell and updated the script as follows:
az automation runbook replace-content --content "#runbook.ps1" --automation-account-name "xxxxautomation" --name "xxxxrunbook" --resource-group "xxxxRG"
vi runbook.ps1:
Content replacement done in runbook:
If still the issue persists: In Azure DevOps, call a webhook with parameters and then start a runbook that imports the Azure DevOps runbooks.
But when you are dealing with Azure DevOps, I suggest you create or update runbooks via API instead of PowerShell modules which is efficient.
I run the script in windows hosted agent and reproduce your issue.Its clearly breaking on CRLF. Because windows can't identify the CRLF. You should run the script in Linux agent.
breaking on CRLF based on windows agent
alter to linux agent in pipeline
pool:
vmImage: ubuntu-22.04
I tried different ways to deploy my local logic app from VS Community using powershell but none of them are working.
Any solutions for this?
Logic App deployment successful from Visual Studio (local) through PowerShell Command
The following command worked for me
New-AzResourceGroupDeployment -ResourceGroupName <Azure-resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.logic/logic-app-create/azuredeploy.json
and here is the output:
Here is the process that I followed before running the above command.
Process Flow:
I have found that there are 2 ways of deploying logic app through PowerShell i.e., Azure RM Template Commands and AZ Modules Commands
To work with any of the following commands, we are required to install related package files:
To deploy using Azure RM Template Commands - Run this code on PowerShell:
Install-Module -Name AzureRM -AllowClobber
To deploy using AZ module commands - Run this code on PowerShell:
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Checkout the following links to play with versions (uninstalling old and installing new), setting up the policies, connecting of Azure Accounts, etc in these:
Azure RM PowerShell Commands and Azure Az Module PowerShell Commands
Following is the process of which I have tried deploying the Local Visual Studio Logic App to Azure in PowerShell using Azure RM PowerShell Script commands:
Before deploying:
Create a Logic App in Visual Studio (File > New Project > Select 'Azure Resource Group' > Logic App)
Your solution will be ready in a few seconds, you will be able to see two json files. As you select prameters.json file you will be able to see json schema for logic app deployment.
To Connect your logic with your Azure Account, right click on LogicApp.json and select 'Open with logic app designer'. If you don't find this option, then install this extension in your project:
Right click on project and click on validate
Select your resource group, subscription and click on edit parameters - give custom name to your logic app. Otherwise, it will throw you error of null in logicAppName and shows template is invalid.
After validation, it shows the template is valid. It can be automatically validate during deployment process also, but it's good way to validate to get rid out of errors.
PowerShell Commands to deploy your logic App from visual studio (local):
Install this Power Shell provided by Microsoft Cloud.
Run in Administrator Mode > Login with Connect-AzureRmAccount command (it takes you to browser and connect with Azure account) > after that it imports your subscription and resource group details in the shell like below:
Use the following command to deploy your logic app
New-AzResourceGroupDeployment -ResourceGroupName "AzureAccountMail" -Templatefile "C:\LogicAppTemplats\template.json" -TemplateParameterFile "C:\LogicAppTemplats\parameters.json"
Check this following documentation for this command overview.
Done! Deployment Succeeded.
Now Check out in the azure portal:
Note:
Here you can find the template file and parameters.json file under your project:
Make Sure you given your logic app name value here in the parameters.json file:
And Provide the logic app name, deployment location values in the template.json file (LogicApp.json)
I have a task: to install solution (wsp) on remote machine using Azure DevOps Pipelines.
I have folder with *.wsp. And I have a PS-script. If I do it manually on this machine it works fine. No errors.
But when I use Azure DevOps I have a message:
Add-PSSnapin : No snap-ins have been registered for Windows PowerShell version 5.
At C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1:1 char:1
+ Add-PSSnapin "Microsoft.SharePoint.Powershell"
At the very beginning of my PS script I have this:
Add-PSSnapin "Microsoft.SharePoint.Powershell"
I need it, because I use Uninstall-SPSolution, Remove-SPSolution, Add-SPSolution and Install-SPSolution cmdlets inside script.
I've tried to add
Add-PSSnapin "Microsoft.SharePoint.Powershell"
to "profile.ps1", I've tried to run powershell inside powershell. Again and again error is the same. I don't understand how to fix it.
https://i.stack.imgur.com/UNM7R.png
https://i.stack.imgur.com/NTiWs.png
https://i.stack.imgur.com/sA6tU.png
https://i.stack.imgur.com/bK9kq.png
Try preceding your command with Get-PSSnapIn:
if (Get-PSSnapin "Microsoft.SharePoint.Powershell") {
Add-PSSnapin "Microsoft.SharePoint.Powershell"
}
Add-PSSnapin : No snap-ins have been registered for Windows PowerShell version 5.
At C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1:1 char:1
Based on the error message, when the powershell execute the ps file, it get the error.
In Auzre Devops Powershell task, it will use the powershell.exe from C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.
The exe path you use to execute the powershell file is different from the default.
You could run the following command in azure devops:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Get-PSSnapin -Registered
and
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Get-PSSnapin -Registered
You can check if the Microsoft.SharePoint.Powershell exists.
Then you could use the correct powershell.exe path to execute the ps file.
For example:
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe "path/xx.ps"
My (dotNET) application is built (using a Windows Hosted agent), from a build pipeline, and in the subsequent Release pipeline, I provision a 16GB-Win2016 VM (enabling RDP, HTTP, HTTPS, WinRM and SSH), into which I RDP manually (there is a Manual Intervention task here), and configure WinRM (following this article: https://learn.microsoft.com/en-us/azure/marketplace/cloud-partner-portal/virtual-machine/cpp-configure-winrm-after-vm-creation#configure-vm-to-enable-winrm). Everything is fine until here. The next task is a Azure File Copy task, which essentially copies the Build artifacts (from $(System.DefaultWorkingDirectory)) and pastes into a directory I specify. Works like a charm. The next task I have is to create a VHD of this whole VM (essentially after the copying is done).
I know I can manually RDP into the VM (again) and sysprep (with oobe/generalize/shutdown), then maybe go back to the Azure Portal and Disk Export the OS Disk (specifying the SAS URL expiration time at whatever (36000 per the article)) BUT can this all be automated?
So, long story short - I'd like to know if sysprep oobe/generalize/shutdown can be performed remotely preferably over a PS task. I understand the other part of it (exporting the disk and all) can be, but if sysprep can be done remotely nothing like it.
I tried this and got what I wanted:
$sysprep= 'C:\Windows\System32\Sysprep\Sysprep.exe'
$arg1 = '/generalize'
$arg2 = '/oobe'
$arg3 = '/shutdown'
$arg4 = '/quiet'
& $sysprep $arg1 $arg2 $arg3 $arg4 -Wait
Make sure you do NOT use Azure custom script extension to run sysprep.
Azure scripts run under the LocalSystem user context: source
Custom Script Extension will run under the LocalSystem Account
This is problematic because sysprep does NOT support running under a system user context: source
Sysprep cannot be run under the context of a System account. Running Sysprep under the context of System account by using Task Scheduler or PSExec, for example, is not supported.
Providing this so that people avoid my mistake :)
So, you dont have to configure winrm manually, you can script it\configure it while provisioning the vm. and if\when winrm is working you can just use powershell remoting to issue a command against the vm with:
Invoke-Command -ComputerName dnsname\ipaddress_goes_hehe
-ScriptBlock { sysprep /shutdown /generalise}
https://github.com/Azure/azure-quickstart-templates/tree/master/201-vm-winrm-windows
You can implement this using an Azure custom script extension. There is a github project:
https://github.com/jlongo62/AzureVMToImage containing powershell scripts to image a VM. These scripts were built to preserve VM when creating an image, instead of destroying the original VM. The scripts can be called from Azure Devops. There is no need to authenticate against the VM.
The meat of what you need is:
1- create a storageaccount blob containing the following script (the -Wait is very important):
Start-Process -FilePath C:\Windows\System32\Sysprep\Sysprep.exe -ArgumentList '/generalize /oobe /quiet /quit' -Wait
2 - invoke it on the VM:
$response = Set-AzureRmVMCustomScriptExtension `
-ResourceGroupName $vm.ResourceGroupName `
-VMName $vm.Name `
-Location $vm.Location `
-Name $ExtensionName `
-FileUri $blobUri `
-Run $FileName
We have a build pipeline that includes an Azure File Copy task which copies some files from our build output to an Azure VM.
Every day now for at least a week this task has been failing with the following error:
##[error]Failed to enable copy prerequisites. Multiple VMExtensions per handler not supported for OS type 'Windows'. VMExtension
'WinRMCustomScriptExtension' with handler
'Microsoft.Compute.CustomScriptExtension' already added or specified
in input.
We have had this issue before a few times, however, the problem has, up until now seamed to corrected itself without any changes by us. This time however, it does not look like the problem is going to resolve itself without some changes or intevention.
Can you help?
Could you please provide some more information?
Which version of Copy Files are you using?
Are you using Classic or Azure Pipelines?
Which agent pool are you using?
Can you post the yaml of the Task here like this:
steps:
- task: CopyFiles#2
displayName: 'Copy Files to: 123'
inputs:
TargetFolder: /output
Azure File Copy task might fail to remove a custom extension after finishing using it. You can refer to an issue reported here.
You can try using the newest version of task Azure File Copy. Or try running below scripts to uninstall the extension before using this task as suggested in the issue thread above..
$ExtensionName = Get-AzureRmVMExtension -ResourceGroupName $VM.ResourceGroupName -VMName $VM.Name -Name WinRMCustomScriptExtension
Remove-AzureRmVMCustomScriptExtension -ResourceGroupName $VM.ResourceGroupName -VmName $VM.Name -Name $ExtensionName