I created azure vm scale set with custom script extension. After some time I updated custom script extension and wanted to apply changes on each virtual machine on scale set. However nothing is changing. To update VM Scale Set I used Update-AzureRmVmss command in powershell. There is not any error message, command executes successfully
I would say you VMSS is set to update mode manual, so you need to force the node update.
https://learn.microsoft.com/en-us/powershell/module/azurerm.compute/update-azurermvmssinstance?view=azurermps-6.4.0
another thing you are missing: forceUpdateTag. check this: How to force VM created with an ARM template + CustomScriptExtension to redownload the script and run it?
It sounds like you need to update the "forceUpdateTag" property in the scale set extension profile. You can do this in your ARM template by adding this property at the same level as "publisher" and giving it any value you want (as long as it's different from the previous value). You can also do the same in Powershell and Az CLI using code like the following:
Powershell:
$vmss = Get-AzureRmVmss -ResourceGroupName YOUR_RG_NAME -Name YOUR_VMSS_NAME
$vmss.VirtualMachineProfile.ExtensionProfile.Extensions[0].ForceUpdateTag="1"
Update-AzureRmVmss -ResourceGroupName YOUR_RG_NAME -VMScaleSetName YOUR_VMSS_NAME -VirtualMachineScaleSet $vmss
CLI:
# run the first time
az vm extension set -g ...
# run again
az vm extension set --force-update -g ...
It's a bit complicated in some cases, so I threw together a quick blog post describing it:
https://negatblog.wordpress.com/2018/07/11/rerun-extensions-in-azure/
Hope this helps! :)
-Neil
Related
Is there any way to enable health check via cli in azure app services? I see that we can modify some configurations but not an option to enable/disable the feature.
Thank you!
According to my test, we can enable/disable health check via changing the value of web config healthCheckPath. For more details, please refer to here.
For example(I test it via azure cloud shell)
a. Enable
az webapp config set -g <groupName> -n <web name> --generic-configurations '{"healthCheckPath": "/api/health/"}'
b.Disable
az webapp config set -g <groupName> -n <web name> --generic-configurations '{"healthCheckPath": ""}'
Thanks to #jim-xu answer I was able to get this working for our needs.
I did struggle trying to make syntax work in an existing PowerShell script with the string quotation marks and making it a variable. I thought I'd put that syntax here in case someone else is trying this via scripts not using bash.
# variables - these might be local or parameters from your function, etc..
$webAppName= "my-web-app"
$resourceGroupName = "my-resource-group"
$healthCheckPath = "/api/health/"
# the important part
$genericConfigurations = "{\""healthCheckPath\"": \""$healthCheckPath\""}"
az webapp config set --name $webAppName `
--resource-group $resourceGroupName `
--generic-configurations $genericConfigurations `
--output none
Yes I did attempt to be conscientious and read through Use Azure CLI effectively - Using quotation marks in values and it still wasn't clear to me.
I saw many other posts with users getting caught on this syntax; example 1, example 2, example 3.
I have a Powershell script using Azure Powershell to update an Virtual Machine Scale Set (under Azure Service Fabric) to add/remove the certificates that are used by the associated service fabric virtual machines. This script works as intended and I have the following commands (I've removed some of the other logic to focus on the issue):
# This gets the Virtual Machine Scale Set object
$virtualMachineScaleSet = Get-Azvmss -ResourceGroupName $myResourceGroupName -VMScaleSetName $myVMScaleSetName
# Example of removing items from certificate items from the VMSS object.
$virtualMachineScaleSet.VirtualMachineProfile.osProfile.Secrets[$mySecretIndex].VaultCertificates.RemoveAt($myCertificateIndexThatIWantToRemove)
# Example of creating new certificate config
$newCertificateUrl = (Get-AzKeyVaultCertificate -VaultName $myKeyvaultName -Name $myCertificateName).SecretId
$newCertificateConfig = New-AzvmssVaultCertificateConfig -CertificateUrl $newCertificateUrl -CertificateStore "My"
# Example of adding new certificate to the VMSS object
$virtualMachineScaleSet.VirtualMachineProfile.OsProfile.Secrets[$mySecretIndex].VaultCertificates.Add($newCertificateConfig)
# Committing the update to VMSS
Update-Azvmss -ResourceGroupName $myResourceGroupName -VirtualMachineScaleSet $virtualMachineScaleSet -VMScaleSetName $myVMScaleSetName
The above script works fine. However, I'm now trying to convert each of the above commands to Azure CLI. The way the script will invoke means that I cannot mix and match Azure Powershell and Azure CLI commands in the same script. The commands I have so far are causing problems:
# This gets me the Virtual Machine Scale Set object
$virtualMachineScaleSet = az vmss show --name $myVMScaleSetName --resource-group $myResourceGroupName | ConvertFrom-Json
# Trying to RemoveAt gives the error: MethodInvocationException: Exception calling "RemoveAt" with "1" argument(s): "Collection was of a fixed size."
$virtualMachineScaleSet.VirtualMachineProfile.osProfile.Secrets[$mySecretIndex].VaultCertificates.RemoveAt($myCertificateIndexThatIWantToRemove)
# Not sure the CLI equivalent commands of this
$newCertificateUrl = (Get-AzKeyVaultCertificate -VaultName $myKeyvaultName -Name $myCertificateName).SecretId
$newCertificateConfig = New-AzvmssVaultCertificateConfig -CertificateUrl $newCertificateUrl -CertificateStore "My"
# Trying to Add gives the error: MethodInvocationException: Exception calling "RemoveAt" with "1" argument(s): "Collection was of a fixed size."
$virtualMachineScaleSet.VirtualMachineProfile.OsProfile.Secrets[$mySecretIndex].VaultCertificates.Add($newCertificateConfig)
So my questions are.
What are the CLI equivalent commands for the Azure Powershell script?
Why doesn't the VMSS object in the Azure CLI script seem to be the same? (At least in that I cannot change the VaultCertificates array)
Thank you in advance
All the PowerShell you used can change into two equivalent CLI commands.
One for remove:
az vmss update --resource-group $myResourceGroupName --name $myVMScaleSetName --remove virtualMachineProfile.osProfile.secrets index
One for add:
az vmss update --resource-group $myResourceGroupName --name $myVMScaleSetName --add virtualMachineProfile.osProfile.secrets '{"sourceVault": {"id": "resourceId"},"vaultCertificates": [{"certificateStore": null,"certificateUrl": "certificateUrl"}]}'
I have a windows Azure VM and need to execute “%windir%\system32\sysprep” and then execute “sysprep /generalize” both from admin mode from my local machine through Powershell. How can I do that ?
For your requirements, as I know you can use a PowerShell script to achieve it. First, you can take a look at the Sysprep, it can be run in a PowerShell command C:\WINDOWS\system32\sysprep\sysprep.exe /generalize /shutdown /oobe. Put this command inside a script, then you can use two ways to run this script in the VM from your local machine. One is that use the Invoke command.
In Azure CLI:
az vm run-command invoke --command-id RunPowerShellScript -g group_name -n vm_name --scripts #script.ps1
In PowerShell:
Invoke-AzVMRunCommand -ResourceGroupName 'rgname' -VMName 'vmname' -CommandId 'RunPowerShellScript' -ScriptPath 'sample.ps1'
Another is that use the VM extension. It's a little complex. You can take a look at the Azure PowerShell command Set-AzVMCustomScriptExtension.
Output after running:-
Value[0] :
Code : ComponentStatus/StdOut/succeeded
Level : Info
DisplayStatus : Provisioning succeeded
Message :
Value[1] :
Code : ComponentStatus/StdErr/succeeded
Level : Info
DisplayStatus : Provisioning succeeded
Message :
Status : Succeeded
Capacity : 0
Count : 0
I could't make sysprep work with Invoke-AzVMRunCommand, It run with succeeded status, but the VM was not shutdown.
Finally found https://developercommunity.visualstudio.com/t/devops-sysprep-public-agents/1375989 and it make sense.
So just use Invoke-AzVMRunCommand to run sysprep won't work, I am thinking to reset a local admin user password and run the process as local admin might be a workaround.
My (dotNET) application is built (using a Windows Hosted agent), from a build pipeline, and in the subsequent Release pipeline, I provision a 16GB-Win2016 VM (enabling RDP, HTTP, HTTPS, WinRM and SSH), into which I RDP manually (there is a Manual Intervention task here), and configure WinRM (following this article: https://learn.microsoft.com/en-us/azure/marketplace/cloud-partner-portal/virtual-machine/cpp-configure-winrm-after-vm-creation#configure-vm-to-enable-winrm). Everything is fine until here. The next task is a Azure File Copy task, which essentially copies the Build artifacts (from $(System.DefaultWorkingDirectory)) and pastes into a directory I specify. Works like a charm. The next task I have is to create a VHD of this whole VM (essentially after the copying is done).
I know I can manually RDP into the VM (again) and sysprep (with oobe/generalize/shutdown), then maybe go back to the Azure Portal and Disk Export the OS Disk (specifying the SAS URL expiration time at whatever (36000 per the article)) BUT can this all be automated?
So, long story short - I'd like to know if sysprep oobe/generalize/shutdown can be performed remotely preferably over a PS task. I understand the other part of it (exporting the disk and all) can be, but if sysprep can be done remotely nothing like it.
I tried this and got what I wanted:
$sysprep= 'C:\Windows\System32\Sysprep\Sysprep.exe'
$arg1 = '/generalize'
$arg2 = '/oobe'
$arg3 = '/shutdown'
$arg4 = '/quiet'
& $sysprep $arg1 $arg2 $arg3 $arg4 -Wait
Make sure you do NOT use Azure custom script extension to run sysprep.
Azure scripts run under the LocalSystem user context: source
Custom Script Extension will run under the LocalSystem Account
This is problematic because sysprep does NOT support running under a system user context: source
Sysprep cannot be run under the context of a System account. Running Sysprep under the context of System account by using Task Scheduler or PSExec, for example, is not supported.
Providing this so that people avoid my mistake :)
So, you dont have to configure winrm manually, you can script it\configure it while provisioning the vm. and if\when winrm is working you can just use powershell remoting to issue a command against the vm with:
Invoke-Command -ComputerName dnsname\ipaddress_goes_hehe
-ScriptBlock { sysprep /shutdown /generalise}
https://github.com/Azure/azure-quickstart-templates/tree/master/201-vm-winrm-windows
You can implement this using an Azure custom script extension. There is a github project:
https://github.com/jlongo62/AzureVMToImage containing powershell scripts to image a VM. These scripts were built to preserve VM when creating an image, instead of destroying the original VM. The scripts can be called from Azure Devops. There is no need to authenticate against the VM.
The meat of what you need is:
1- create a storageaccount blob containing the following script (the -Wait is very important):
Start-Process -FilePath C:\Windows\System32\Sysprep\Sysprep.exe -ArgumentList '/generalize /oobe /quiet /quit' -Wait
2 - invoke it on the VM:
$response = Set-AzureRmVMCustomScriptExtension `
-ResourceGroupName $vm.ResourceGroupName `
-VMName $vm.Name `
-Location $vm.Location `
-Name $ExtensionName `
-FileUri $blobUri `
-Run $FileName
I have an Azure runbook that runs on schedule. Its in powershell and this runbook starts a VM and executes a script on the VM started. How I achieve this is
1) Store the script to be run on the VM in a storage account
2) Run powershell runbook
3) Powershell runbook uses wget command to copy the script from step 1
4) Invoke-AzureRmVMRunCommand in the Azure automation powershell commands as shown below
wget "https://utilitystorageaccnt.blob.core.windows.net/utilitycontainer/token" -outfile ((Get-Location).path + "\Reporting Copy.ps1") -UseBasicParsing
Invoke-AzureRmVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VmName -CommandId 'RunPowerShellScript' -ScriptPath ((Get-Location).path + '\Reporting Copy.ps1') -ErrorVariable result
Please not that the above two commands are in the powershell runbook script and not the actual script that is run on the VM.
Facing two issues
1) When this script Reporting Copy.ps1 runs standalone on the VM, then it works properly and it has no issues. When it is run using the runbook, I get these errors in the log file on the target vm.
"New-AzStorageContext : The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again."
2) Even after this error occurs, it doesnt terminate and runs in loops. This script does a copy operation and it keeps looping until all the copy is complete. I can handle code to terminate but I would like to know how to force terminate a runbook. I tried to stop the VM for even a hour and it resumes the copy operation. The runbook status in Azure shows as completed. There are two python processes that show in explorer and terminating them doesn't work either.
Any help or hint is appreciated.
Thanks.
Look like you did not imported Az PowerShell module into our Automation Account.
Please, follow this tutorial : Az module support in Azure Automation
Try to use only Az module and not AzureRM
The issue was because I had not installed the AZ module for all users like this.
Install-Module -Name Az -AllowClobber -Scope AllUsers
Instead I had used
Install-Module -Name Az -AllowClobber -Scope CurrentUser
and since the automation runs on a different user, the issue occurred. Thanks for your help.