Azure: Deprovision a linux instance using Custom Script Extension

Question

I am attempting to deprovision an Azure Linux instance using the Custom Script Extension.

My Script stored in an Anonymous Access Blob:

sudo waagent -deprovision+user -verbose -force
exit

My Command to apply the extension:

az vm extension set --resource-group rg01--vm-name vm01--name CustomScript --publisher Microsoft.Azure.Extensions --version 2.0  --settings "{'fileUris': [ 'https://mystorageaccount.blob.core.windows.net/scripts/Deprovision.sh' ], 'commandToExecute': 'sh Deprovision.sh'}" 

When I run the az command, all the /var/log/azure sub directories and logs disappear!. I can tell from the bastion window, something tried to delete my user account, so I am confident the extension is getting provisioned and run.

Unfortunately, the extension, shows all status information as unavailable, and my az command just sits there. The "Create or Update Virtual Machine Extension" item in the VM's activity log also shows no activity once the deprovision starts. The Azure activity log suggest a restart occurred and my account is no longer valid.

Hopefully Linux/Azure folks have a recipe for this...

-

I saw similar behavior in Windows, and ended up using this script to Sysprep (the -Wait was critical, as it forced the Powershell process to wait for completion, preventing the Agent from returning success/fail until the process completed.), this prevents a restart. I can then script deallocation to occur when the extension completes. I suspect something similar is going on here.

Start-Process -FilePath C:\Windows\System32\Sysprep\Sysprep.exe -ArgumentList '/generalize /oobe /quiet /quit'  -Wait 

Answer 1

While the command:

sudo waagent -deprovision+user -verbose -force

works via SSH, when run via CustomScript extension this command basically kills everything on the machine. The CustomScript extension is not able to acknowledge completion.

Using this script:

sudo shutdown +3
sudo waagent -deprovision+user -verbose -force -start

• Line 1, shuts the VM down in 3 minutes(deprovision command seems very fast)
• Line 2, adding '-start', runs waagent as a background process. This allows CustomScript extension to acknowledge completion.

Now this command completes (instead of hangs):

        var cmd = "sh Deprovision.sh";

        var result = vm.Update()
                    .DefineNewExtension("deprovision")
                    .WithPublisher("Microsoft.Azure.Extensions")
                    .WithType("CustomScript")
                    .WithVersion("2.1")
                    .WithMinorVersionAutoUpgrade()
                    .WithPublicSetting("fileUris", new string[] { blobUri })
                    .WithPublicSetting("commandToExecute", cmd)
                    .Attach()
                    .Apply();

After completion, we must poll Azure for when the VM is Stopped.

WaitForVMToStop(vm);


private void WaitForVMToStop(IVirtualMachine newVM)
{
    Context.Logger.LogInformation($"WaitForVMToStop...");

    bool stopped = false;
    int cnt = 0;
    do
    {
        var stoppedVM = Context.AzureInstance.VirtualMachines.GetById(newVM.Id);
        stopped = (stoppedVM.PowerState == PowerState.Stopped);
        if (!stopped)
        {
            cnt++;
            Context.Logger.LogInformation($"\tPolling 60 seconds for 'PowerState = Stopped on [{newVM.Name}]...");
            System.Threading.Thread.Sleep(60000);

            if (cnt > 20)
            {
                Context.Logger.LogInformation($"\tSysPrep Extension exceeded 20 minutes. Aborting...");
                throw new Exception($"SysPrep Extension exceeded 20 minutes on [{newVM.Name}]");
            }
        }

    } while (!stopped);

    Context.Logger.LogInformation($"\tWaited {cnt} minutes for 'PowerState = Stopped...");

}

This seems way too complicated to me, but it works. I especially do not like assuming deprovision will occur in 3 minutes or less. If anybody has a better way, please share.