azure-quickstart-templates icon indicating copy to clipboard operation
azure-quickstart-templates copied to clipboard

Published 20 hours ago verified publisher icon Azure

GatewayInstall scripts fails with error `aborted: Could not create SSL/TLS secure channel.`

Open ms-henglu opened this issue 3 years ago • 0 comments

vms-with-selfhost-integration-runtime

Issue Details

https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.compute/vms-with-selfhost-integration-runtime/gatewayInstall.ps1#L98

Repro steps

I'm using terraform to deploy a self-host ir, but the script fails with error: aborted: Could not create SSL/TLS secure channel.

At C:\\Packages\\Plugins\\Microsoft.Compute.CustomScriptExtension\\1.10.12\\Download\r\ns\\0\\gatewayInstall.ps1:98 char:9\r\n+       
  $clie...' For more information, check the instance view by executing Get-AzVmssVm or Get-AzVm (https://aka.ms/GetAzVm). 
These commands can be executed using CloudShell (https://aka.ms/CloudShell)\"\r\n\r\n
More information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "

resource "azurerm_resource_group" "test" {
  name     = "acctestRG-df-henglu"
  location = "west europe"
}

resource "azurerm_virtual_network" "test" {
  name                = "acctestnw-henglu"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_subnet" "test" {
  name                 = "internal"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.test.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_public_ip" "test" {
  name                = "acctpip-henglu"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Dynamic"
}

resource "azurerm_network_interface" "test" {
  name                = "acctestnic-henglu3"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.test.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.test.id
  }
}

resource "azurerm_virtual_machine" "test" {
  name                  = "henglu123456"
  location              = azurerm_resource_group.test.location
  resource_group_name   = azurerm_resource_group.test.name
  network_interface_ids = [azurerm_network_interface.test.id]
  vm_size               = "Standard_F4"

  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }

  storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "acctvmhenglu"
    admin_username = "testadmin"
    admin_password = "Password1234!"
  }

  os_profile_windows_config {
    timezone           = "Pacific Standard Time"
    provision_vm_agent = true
  }
}

resource "azurerm_virtual_machine_extension" "test" {
  name                 = "acctestExt-henglu"
  virtual_machine_id   = azurerm_virtual_machine.test.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.10"
  settings = jsonencode({
    "fileUris"         = ["https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.compute/vms-with-selfhost-integration-runtime/gatewayInstall.ps1"],
    "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File gatewayInstall.ps1 ${azurerm_data_factory_integration_runtime_self_hosted.host.primary_authorization_key} && timeout /t 120"
  })
}


resource "azurerm_resource_group" "host" {
  name     = "acctesthostRG-df-henglu"
  location = "west europe"
}

resource "azurerm_data_factory" "host" {
  name                = "acctestdfirshhhenglu"
  location            = azurerm_resource_group.host.location
  resource_group_name = azurerm_resource_group.host.name
}

resource "azurerm_data_factory_integration_runtime_self_hosted" "host" {
  name            = "acctestirshhhenglu"
  data_factory_id = azurerm_data_factory.host.id
}

resource "azurerm_resource_group" "target" {
  name     = "acctesttargetRG-henglu"
  location = "west europe"
}

resource "azurerm_role_assignment" "target" {
  scope                = azurerm_data_factory_integration_runtime_self_hosted.host.id
  role_definition_name = "Contributor"
  principal_id         = azurerm_data_factory.target.identity[0].principal_id
}

resource "azurerm_data_factory" "target" {
  name                = "acctestdfirshthenglu"
  location            = azurerm_resource_group.target.location
  resource_group_name = azurerm_resource_group.target.name

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_data_factory_integration_runtime_self_hosted" "target" {
  name            = "acctestirshthenglu"
  data_factory_id = azurerm_data_factory.target.id

  rbac_authorization {
    resource_id = azurerm_data_factory_integration_runtime_self_hosted.host.id
  }

  depends_on = [azurerm_role_assignment.target, azurerm_virtual_machine_extension.test]
}

ms-henglu avatar Jun 20 '22 05:06 ms-henglu