
In Linux VMs there is an option to pass a script from the local folder, as discussed here. As per the following Windows VM code, the VM needs outbound network access to fileUris. This is changeable for me and in most of the cases the VM doesn't have access, and the custom script is getting an error. Is there any option to pass the PS script's content as an argument for "Custom Script Extension for Windows"?

resource "azurerm_virtual_machine_extension" "custom-script" {
  name                       = "customScript"
  virtual_machine_id         = azurerm_windows_virtual_machine.vm.id
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.10"
  auto_upgrade_minor_version = true
  settings                   = <<SETTINGS
      {
      "timestamp":123456789
      }
      SETTINGS
  protected_settings         = <<PROTECTED_SETTINGS
          {
          "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File script.ps1",
          "fileUris": ["https://mystorage.blob.core.windows.net/ps/script.ps1"]
          }
          PROTECTED_SETTINGS
}
user881703
  • Hello @user881703, may I know if you have tried assigning a managed identity to the VM and assigning it a Storage Blob Data Contributor role to access the storage account? – Ansuman Bal Sep 15 '21 at 05:58
  • "The VM needs outbound network access to fileUris, This is changeable for me and in most of the cases VM doesn't have access, and the custom script is getting an Error." You cannot add service tags for storage to allow the VM to access the storage endpoint? And what is the error? – Ansuman Bal Sep 15 '21 at 05:59
  • "Is any option to pass the PS scripts content as an argument for "Custom Script Extension for Windows"?" Do you want to write the PowerShell commands in Terraform itself and pass them in the command to execute? – Ansuman Bal Sep 15 '21 at 06:01

1 Answer

Here's a way to do it (in case someone needs this in the future).

The maximum size of the script parameter's data is 256 KB as stated here: https://github.com/Azure/custom-script-extension-linux/blob/master/README.md#14-script.

data "template_file" "script" {
  template = file("${path.module}/script.ps1")
}

resource "azurerm_virtual_machine_extension" "custom-script" {
  name                       = "customScript"
  virtual_machine_id         = azurerm_windows_virtual_machine.vm.id
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.10"
  auto_upgrade_minor_version = true
  settings                   = <<SETTINGS
    {
      "timestamp": 123456789
    }
    SETTINGS
  # The script is embedded as base64, decoded to script.ps1 on the VM, then run.
  protected_settings         = <<PROTECTED_SETTINGS
    {
      "commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(data.template_file.script.rendered)}')) | Out-File -filepath script.ps1\" && powershell -ExecutionPolicy Unrestricted -File script.ps1"
    }
    PROTECTED_SETTINGS
}
dutompson
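
A variant of the approach in the answer above, as an added example that is not the answerer's code: it uses Terraform's built-in filebase64() and jsonencode() in place of the template_file data source and hand-written JSON. It assumes Terraform 1.2 or later (for the precondition block) and a script.ps1 saved as UTF-8 without a BOM; the local names and the size check against the 256 KB figure cited in the answer are choices made for this example.

```hcl
# Added example (not the answerer's code). Assumes Terraform >= 1.2 and a
# script.ps1 beside this module; the 256 KB limit is the figure cited above.
locals {
  # filebase64() reads the file's raw bytes. Unlike template_file, it does not
  # treat "${...}" or "%{...}" sequences inside the PowerShell script as
  # Terraform template directives.
  script_b64 = filebase64("${path.module}/script.ps1")

  # Same decode-to-disk step as the answer, kept in one place for readability.
  write_script = "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${local.script_b64}')) | Out-File -filepath script.ps1"
}

resource "azurerm_virtual_machine_extension" "custom-script" {
  name                       = "customScript"
  virtual_machine_id         = azurerm_windows_virtual_machine.vm.id
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.10"
  auto_upgrade_minor_version = true

  # jsonencode() produces valid JSON and escapes the embedded quotes itself.
  settings = jsonencode({ timestamp = 123456789 })

  protected_settings = jsonencode({
    commandToExecute = "powershell -command \"${local.write_script}\" && powershell -ExecutionPolicy Unrestricted -File script.ps1"
  })

  lifecycle {
    # Stop before the extension is deployed when the script is too large.
    precondition {
      condition     = length(local.script_b64) <= 256 * 1024
      error_message = "The base64-encoded script.ps1 exceeds 256 KB."
    }
  }
}
```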