I am creating Windows VMs from the azure xplat cli, using the following command:
azure network vnet create --location "East US" testnet
azure vm create --vm-name xplattest3 --location "East US" --virtual-network-name testnet --rdp 3389 xplattest3 ad072bd3082149369c449ba5832401ae__Windows-Server-Remote-Desktop-Session-Host-on-Windows-Server-2012-R2-20150828-0350 username SAFEpassword!
After the Windows VM is created I would like to execute a powershell script to configure the server. As far I understand, this is done by executing a CustomScriptExtension.
I found several examples for PowerShell but no examples for Xplat cli.
I would like, for example, to run the following HelloWorld PowerShell script:
New-Item -ItemType directory -Path C:\HelloWorld
After reading documentation I should be able to run a CustomExtensionScript by executing something like this (the following command does not work):
azure vm extension set xplattest3 CustomScriptExtension Microsoft.Compute 1.4 -i '{"URI":["https://gist.githubusercontent.com/tk421/8b7dd37145eaa8f82e2f/raw/36c11aafd3f5d6b4af97aab9ef5303d80e8ab29b/azureCustomScriptExtensionTest"] }'
I think that the problem is the parameter -i. I have not been able to find an example on Internet. There are some references and documentation such as MSDN and Github, but no examples.
Therefore, my question: How to execute a PowerShell script after creating a Windows VM in Azure using the xplat cli ?
Please note that the my current approach is a CustomScriptExtension, but anything that allows to bootstrap a configuration script will be considered!
EDIT How do I know it is failing ?
After I run the command azure vm extension ...:
xplat cli confirms that the command has been executed properly.
As per MSDN documentation, the folder C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\ is created, but there is no script downloaded to C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\{version-number}\Downloads\{iteration}
The folder C:\HelloWorld is not created, which means that the contents of the script has not been executed.
I cannot find any sort of logs or a trace to know what happened. Does anyone knows where can I find this information ?
The parameters (The Json) that I used after reading the MSDN documentation were not correct. However, you can get clues of the correct parameters by reading the C# code.
And the final command is:
azure vm extension set xplattest3 CustomScriptExtension Microsoft.Compute 1.4 -i '{"fileUris":["https://macstoragetest.blob.core.windows.net/testcontainername/createFolder.ps1"], "commandToExecute": "powershell -ExecutionPolicy Unrestricted -file createFolder.ps1" }'
This command successfully creates the C:\HelloWorld directory.
NOTE: I decided to upload the script to Azure as I read in a post and in the documentation that is mandatory. However I just made a test to download the original script from Github and it is working fine, so I guess that the documentation is a bit outdated.
EDIT: I created an detailed article that explains how to provision windows servers with xplat-cli in Azure.
Related
I have a PowerShell script that I want to run on some Azure AKS nodes (running Windows) to deploy a security tool. There is no daemon set for this by the software vendor. How would I get it done?
Thanks a million
Abdel
Similar question has been asked here. User philipwelz has written:
Hey,
although there could be ways to do this, i would recommend that you dont. The reason is that your AKS setup should not allow execute scripts inside container directly on AKS nodes. This would imply a huge security issue IMO.
I suggest to find a way the execute your script directly on your nodes, for example with PowerShell remoting or any way that suits you.
BR,
Philip
This user is right. You should avoid executing scripts on your AKS nodes. In your situation if you want to deploy Prisma cloud you need to go with the following doc. You are right that install scripts work only on Linux:
Install scripts work on Linux hosts only.
But, for the Windows and Mac software you have specific yaml files:
For macOS and Windows hosts, use twistcli to generate Defender DaemonSet YAML configuration files, and then deploy it with kubectl, as described in the following procedure.
The entire procedure is described in detail in the document I have quoted. Pay attention to step 3 and step 4. As you can see, there is no need to run any powershell script:
STEP 3:
Generate a defender.yaml file, where:
The following command connects to Console (specified in [--address](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_kubernetes.html#)) as user <ADMIN> (specified in [--user](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_kubernetes.html#)), and generates a Defender DaemonSet YAML config file according to the configuration options passed to [twistcli](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_kubernetes.html#). The [--cluster-address](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_kubernetes.html#) option specifies the address Defender uses to connect to Console.
$ <PLATFORM>/twistcli defender export kubernetes \
--user <ADMIN_USER> \
--address <PRISMA_CLOUD_COMPUTE_CONSOLE_URL> \
--cluster-address <PRISMA_CLOUD_COMPUTE_HOSTNAME>
- <PLATFORM> can be linux, osx, or windows.
- <ADMIN_USER> is the name of a Prisma Cloud user with the System Admin role.
and then STEP 4:
kubectl create -f ./defender.yaml
I think that the above answer is not completely correct.
The twistcli command, does not export daemonset for Windows Nodes. The "PLATFORM" option, is for choosing the OS of the computer that the command will run.
After testing, I have made the conclusion that there is no Docker Image for Prisma Cloud for Windows Kubernetes Nodes, as it is deployed as a service at Windows OS, and not Container (as in Linux). Wrapping up, the Daemonset is not working at the Windows Hosts
I believe the only solution is this -> Windows
This is the Powershell script that Wytrzymały Wiktor has mentioned.
Unfortunately this cannot be automated easily, as you have to deploy an Azure VM per AKS Cluster (at the same network), and RDP to the AKS Windows Node and run the script.
If anyone has another suggestion or solution, feel free to share.
I hope someone can help me with the following :
I’ve created a script to install a web site based on an existing site.
The script performs several steps - copy dirs, restore a DB, create website and application pool etc. It runs fine from the Powershell CLI under an Administrator account.
I created a WinForms frontend for this script that references Powershell and also executes that script just fine.
Now I want to create a web frontend for it. (as explained here : http://devinfra-us.blogspot.com/2011/02/using-powershell-20-from-aspnet-part-1.html)
However I can’t get the ‘new-website’ cmdlet to work via the web frontend. All the other steps in the script work, including ‘new-WebappPool’ (I can see the new appPool in IIS manager). I don’t get any errors..
I’ve made sure the script runs with Administrator rights (security is not a concern at this point)
Below is some output from the Powershell transcript :
**********************
Windows PowerShell transcript start
Start time: 20200106164117
Username: NNN-WEB\adminArr <-- Administrator account
RunAs User: NNN-WEB\adminArr
Machine: NNN-WEB (Microsoft Windows NT 10.0.14393.0)
Host Application: c:\windows\system32\inetsrv\w3wp.exe -ap DefaultAppPool -v v4.0 -l webengine4.dll -a \\.\pipe\iisipmd4bdced8-d455-428b-b9ef-8b3e2bfb38dd -h C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config -w -m 0 -t 20 -ta 0
Process ID: 8448
PSVersion: 5.1.14393.3383
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.14393.3383
BuildVersion: 10.0.14393.3383
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1
You could use the below PowerShell command to create a site in iis:
Import-Module WebAdministration
New-WebAppPool NewAppPool
New-Website -Name "mike" -Port 8086 -PhysicalPath c:\casp -ApplicationPool NewAppPool
Do not forget to refresh the iis after running the command.
Although in my script I also used the commands mentioned in Jalpa's example, I tried his example script anyway. I got the error 'Cannot add duplicate collection entry of type 'site' with unique key attributes 'name, id' respectively set to 'mike3, 2' - which I didn't get using my own script...
Thanks to this error, I figured out that if there are already some existing sites, you also have to specify the 'ID' parameter of the new-website command - so like 'new-website -Name "testsite" -Id 4 etc.'. The ID has to be a number not in use by any other sites.
This made it work :-)
I need to install software on Azure VM with Ubuntu image. One way of manually doing it is ssh into the terminal using putty or other command-line tool and executing the installation bash command. Another way of doing it was by automating this by creating a bash script and calling it from Azure automation. But I unable to find a way to call the bash script from the azure automation runbooks. Kindly let me know if this is possible.
I am able to call powershell scripts because Azure Automation supports powershell by default.
I tried using the command New-SshSession and using Invoke-SshCommand to run my command but I get the below error while trying to connect to a session.
Also, what are the prerequisites for using New-SshSession (see below)?
New-SshSession -ComputerName 'ComputerName' -Username 'UserName'
Unable to create SSH client object: Exception calling ".ctor" with "4" argument(s): "Could not load type 'System.Security.Cryptography.HMACRIPEMD160' from assembly 'mscorlib, Version=4.0.0.0, Culture=neutral,
Are there any prerequisites before I should start using New-SshSession? Do I need to install any .Net library on my linux machine?
Welcome to Stack Overflow!!
If the requirement was for Windows VM then it would have been easy by leveraging Invoke-AzVmRunCommand cmdlet but as requirement is for Linux VM so looks like the comment (with sample script) provided by Azure Automation team content author in this GitHub helps you to accomplish your requirement of executing bash commands on Azure Linux VM using azure automation.
Hope this helps!!
I want to be able to either run a Windows Container as a domain user
Example (no idea on how to run as a different user)
docker run -it microsoft/nanoserver powershell
Or alternatively being able to run powershell script in the container as a domain user. I would have to pass in -e to docker run .. but that is ok.
The reason for this is to run something like (but the application uses domain resources like SQL and file shares)
dotnet app.dll
the answer to your question eventually found it's way to the container docs and is brand new.
please refer to this link until it will be published in the MSDN container site.
https://github.com/Microsoft/Virtualization-Documentation/blob/live/virtualization/windowscontainers/manage-containers/manage-serviceaccounts.md
----edit:---
and live link has moved again:
https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts
I have infinite loop PowerShell (Testing purpose) script, which I want to run as a Service in Windows Server 2008 R2 (Standard).
I'm using the following command to create the Windows service,
sc.exe create "My PS1Service" binPath= "powershell.exe -NoLogo -Path D:\TEST\test.ps1"
And the result is [SC] CreateService SUCCESS
But when I try to run the service My PS1Service , it return the following error
Windows Could not srart the My PS1Service service on Local
Computer
Error 1053: The service did not respond to the start or control
request in a family
Any help here !!!
Due to the length of the articles I don't want to paste them in the answer.
Check out this post which is the most comprehensive source of info I've found regarding powershell services: https://msdn.microsoft.com/en-us/magazine/mt703436.aspx
which links to an example powershell service:
http://jf.larvoire.free.fr/progs/PSService.ps1
I didn't end up successfully modifying this as it was going to take me longer to read through it and understand it than it would to use a different method for my use case, but I'd certainly be going back to that if I needed to create a service in powershell in the future.
Also this: https://www.sapien.com/blog/2017/07/12/write-a-windows-service-in-powershell/
I've been looking all over the place for a decent way to make a PS1 into a service.
Easiest way I found is with Winsw:
https://github.com/kohsuke/winsw
Works like a charm.
I have had success with Non-sucking Service Manager (NSSM) as well. https://nssm.cc/
you can create by below step:
First go to the path where PowerShell script located.
Then run below Command:
powershell.exe -ExecutionPolicy UnRestricted -File .\filename.ps1