ResourceModules icon indicating copy to clipboard operation
ResourceModules copied to clipboard

Published 20 hours ago verified publisher icon Azure

[Bug Report]: VMSS

Open Jackmt9 opened this issue 10 months ago • 0 comments

Describe the bug

When configuring a custom script on a VMSS, it is explicitly using a SAS token for the storage account. This SAS code seems to expire after about a day. On top of that, when using this module for a self-hosted agent I am facing many issues, especially with the custom script. This needs to be addressed. Also there should be a way to add the devops extension via code as well (see below). While it isn't necessary since devops automatically configures it - it would be nice.

// resource resDevOpsAgent 'Microsoft.Compute/virtualMachineScaleSets/extensions@2021-07-01' = { // name: 'Microsoft.Azure.DevOps.Pipelines.Agent' // parent: resVirtualMachineScaleSet // properties: { // publisher: 'Microsoft.VisualStudio.Services' // type: 'TeamServicesAgent' // typeHandlerVersion: '1.31' // autoUpgradeMinorVersion: false // } // }

To reproduce

Run code below and add a document to the storage account. Configure a devops agent using this vmss.

Code snippet

// This should be configured as a self-hosted agent in Azure DevOps. For more information, see here: https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/scale-set-agents?view=azure-devops
module modVirtualMachineScaleSet 'br/reference:carml/res/compute/virtual-machine-scale-set/main:1.0' = {
  name: 'Vmss-${uniqueString(deployment().name)}'
  params: {
    name: virtualMachineScaleSet.name
    tags: general.tags
    adminUsername: 'vmssadmin'
    adminPassword: '' // secret value
    imageReference: {
      publisher: 'MicrosoftWindowsServer'
      offer: 'WindowsServer'
      sku: '2022-datacenter-azure-edition'
      version: 'latest'
    }
    encryptionAtHost: false
    osDisk: {
      createOption: 'FromImage'
      diskSizeGB: 127
      managedDisk: {
        storageAccountType: 'StandardSSD_LRS'
      }
    }
    extensionCustomScriptConfig: {
      enabled: true
      fileData: [
        {
          storageAccountId: modStorageAccount.outputs.resourceId
          uri: 'https://${virtualMachineScaleSet.storageAccount.name}.blob.${environment().suffixes.storage}/scripts/customScript.ps1'
        }
      ]
      protectedSettings: {
        commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command "& ./customScript.ps1"'
      }
    }
    osType: 'Windows'
    skuName: 'Standard_D2s_v3'
    skuCapacity: 1
    singlePlacementGroup: false
    scaleSetFaultDomain: 1
    nicConfigurations: [
      {
        nicSuffix: '.nic'
        ipConfigurations: [
          {
            name: '${virtualMachineScaleSet.name}-defaultIpConfiguration'
            properties: {
              primary: true
              subnet: {
                id: virtualMachineSubnetId
              }
              privateIPAddressVersion: 'IPv4'
            }
          }
        ]
      }
    ]
    // diagnosticSettings: [
    //   {
    //     workspaceResourceId: resourceId(
    //       logAnalytics.resourceGroup,
    //       'Microsoft.OperationalInsights/workspaces',
    //       logAnalytics.name
    //     )
    //   }
    // ]
  }
  dependsOn: [resStorageUpload]
}

Relevant log output

No response

Jackmt9 avatar Apr 19 '24 19:04 Jackmt9