1

I've worked with ARM templates a bit but building ARM projects in Visual Studio is new. When you create VM resources and then subsequently create a script or DSC extension, in addition to the new JSON, Powershell changes are made, but the next run of the Powershell script prompts newly for _artifactsLocation and _artifactsSASToken.

Can someone explain what these values refer to, point me at the documentation for how to ensure that an ARM template deployment for a resource group uploads the accompanying additional script/DSC assets and ensure they're executed? All the documentation I've been able to find refers to web applications and assumes that the asset you want to upload is a web application to run.

EDIT FOR CLARITY: When you add a DSC resource to an existing ARM project in Visual Studio, it adds code to create storage containers and upload the DSC scripts, but this seems incomplete? Running the script from a powershell prompt prompts for incomplete parameters, seemingly ignoring the code that creates a storage account if it doesn't exist...

Elomis
  • 313
  • 1
  • 2
  • 13

1 Answers1

1

You need upload your DSC zip file to Azure Storage account. The path is https://<accoutn name>.blob.core.windows.net/<container name>/DSC/<name.zip>.

_artifactsLocation is your storage account path, the value is https://<accoutn name>.blob.core.windows.net/<container name>.

_artifactsSASToken is your storage account SAS Token. About sas token, see this link.

You could get the two value by using Power Shell.

$StorageAccountContext = (Get-AzureRmStorageAccount | Where-Object{$_.StorageAccountName -eq $StorageAccountName}).Context

# Generate the value for artifacts location if it is not provided in the parameter file
$ArtifactsLocation = $OptionalParameters[$ArtifactsLocationName]
if ($ArtifactsLocation -eq $null) {
    $ArtifactsLocation = $StorageAccountContext.BlobEndPoint + $StorageContainerName
    $OptionalParameters[$ArtifactsLocationName] = $ArtifactsLocation
}

# Generate the value for artifacts location SAS token if it is not provided in the parameter file
$ArtifactsLocationSasToken = $OptionalParameters[$ArtifactsLocationSasTokenName]
if ($ArtifactsLocationSasToken -eq $null) {
    # Create a SAS token for the storage container - this gives temporary read-only access to the container
    $ArtifactsLocationSasToken = New-AzureStorageContainerSASToken -Container $StorageContainerName -Context $StorageAccountContext -Permission r -ExpiryTime (Get-Date).AddHours(4)
    $ArtifactsLocationSasToken = ConvertTo-SecureString $ArtifactsLocationSasToken -AsPlainText -Force
    $OptionalParameters[$ArtifactsLocationSasTokenName] = $ArtifactsLocationSasToken
 }
}

See this example on GitHub.

Shui shengbao
  • 3,583
  • 1
  • 11
  • 20
  • Hi, `_artifactsSASToken` and `$ArtifactsLocationSasToken` is same, they are storage account sas token. – Shui shengbao Jan 18 '18 at 02:24
  • Does this have to be done beforehand? The powershell code for Deploy-AzureResourceGroup.ps1 absolutely has code in there to create storage for artifacts, and a call to Publish-AzureRmVMDscConfiguration which uploads DSC scripts. It looks for all the world like this doesn't have to be done beforehand and a visual studio project does it, it just seems like the adding those resources to a VS project creates incomplete code? – Elomis Jan 18 '18 at 02:33
  • You need upload your module to Azure storage account firstly, template could not do this. – Shui shengbao Jan 18 '18 at 02:40
  • `it adds code to create storage containers and upload the DSC scripts, but this seems incomplete? ` The storage account is used for your VM, you need create a storage account firstly and upload your DSC module. – Shui shengbao Jan 18 '18 at 02:41
  • Hi, I suggest you could check this [example](https://github.com/Azure/azure-quickstart-templates/blob/master/sonarqube-azuresql/scripts/Deploy-AzureResourceGroup.ps1). You will know the process. – Shui shengbao Jan 18 '18 at 02:43
  • `"url": "[concat(parameters('_artifactsLocation'), '/', variables('shuitestArchiveFolder'), '/', variables('shuitestArchiveFileName'))]",` If you upload your module on a public area, such as github, public storage account. You don't need sas token. Only, the storage account is private, you need sas token. – Shui shengbao Jan 18 '18 at 02:51