AzureWireGuard icon indicating copy to clipboard operation
AzureWireGuard copied to clipboard

Published 20 hours ago verified publisher icon vijayshinva

_artifactsLocation and SAS token

Open mattmcspirit opened this issue 6 years ago • 2 comments

Hey - in your readme, you state that you only need to supply the admin username and password, however, when deploying through the Azure Portal, it's also asking for 2 required parameters around the _artifactsLocation and corresponding SAS token.

Can you provide guidance in your docs for what's required here?

Thanks!

mattmcspirit avatar Jan 22 '19 20:01 mattmcspirit

@mattmcspirit Thanks for bringing this up. I have updated the README file with details regarding _artifactsLocation and _artifactsLocationSasToken.

In short, Azure ARM needs a Storage Account (_artifactsLocation) to upload this template while deploying. The Shared access signature (_artifactsLocationSasToken) is used to grant access to this Storage Account.

vijayshinva avatar Jan 23 '19 06:01 vijayshinva

Hey @vijayshinva - I don't believe ARM needs a Storage Account for this part of the process. Instead, you could do the following in your parameters section of the JSON:

        "scriptUrl": {
            "type": "string",
            "metadata": {
                "artifactsBaseUrl": "",
                "description": "Choose where the AzureWireGuard.sh install script can be found"
            },
            "defaultValue": "https://raw.githubusercontent.com/vijayshinva/AzureWireGuard/master/AzureWireGuard/CustomScripts/AzureWireGuard.sh"
        }

By doing this, by default, the users can point directly to your bash script, but if they wish to fork your repo and use their own, they can override as necessary.

In addition to the parameters section, you would also edit the Custom Script Extension:

        "properties": {
          "publisher": "Microsoft.Azure.Extensions",
          "type": "CustomScript",
          "typeHandlerVersion": "2.0",
          "autoUpgradeMinorVersion": true,
          "settings": {
            "skipDos2Unix": false,
            "fileUris": [
              "[parameters('scriptUrl')]"
            ],
            "commandToExecute": "[concat('bash AzureWireGuard.sh ', reference(resourceId('Microsoft.Network/publicIPAddresses', variables('resourceName'))).dnsSettings.fqdn, ' ', parameters('adminUsername'))]"
          }
        }

The CustomScript Extension will download the AzureWireGuard.sh script automatically (from the location specified as the parameter, and store it in a specific extension location within the Linux OS, and then run it as part of the commandToExecute.

You then wouldn't need to ask the user for any additional parameters relating to the storage accounts.

Hope that helps! Matt

mattmcspirit avatar Jan 23 '19 18:01 mattmcspirit

The template has been updated to use Bicep and the dependency on the storage account has been removed. The deployment steps are simplified now. Please try now.

vijayshinva avatar Apr 22 '23 08:04 vijayshinva