
Azure VM custom script extension SAS token support

I am trying to add a custom script extension to an Azure VM using an ARM template, and I want to have it download files from a storage account using a SAS token.

Here is the template (simplified):

{
    "name": "CustomScriptExtension",
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "location": "eastus",
    "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.8",
        "settings": {
            "fileUris": [
                "https://{storage-account}.blob.core.windows.net/installers/{installer}.msi?sv=2015-04-05&sig={signature}&st=2017-05-03T05:18:28Z&se=2017-05-10T05:18:28Z&srt=o&ss=b&sp=r"
            ],
            "commandToExecute": "start /wait msiexec /package {installer}.msi /quiet"
        }
    }
}

And deploying it results in this error:

{
  "name": "CustomScriptExtension",
  "type": "Microsoft.Compute.CustomScriptExtension",
  "typeHandlerVersion": "1.8",
  "statuses": [
    {
      "code": "ProvisioningState/failed/3",
      "level": "Error",
      "displayStatus": "Provisioning failed",
      "message": "Failed to download all specified files. Exiting. Error Message: Missing mandatory parameters for valid Shared Access Signature"
    }
  ]
}

If I hit the URL with the SAS token directly it pulls down the file just fine so I know the SAS token is correct. Does the custom script extension not support URLs with SAS tokens?

gregjhogan asked May 03 '17 06:05



1 Answer

I figured it out: this must be a bug in the custom script extension which causes it to not support storage account level SAS tokens. If I add &sr=b on the end of the SAS token (which isn't part of the storage account level SAS token spec) it starts working.

I found this info here: https://azureoperations.wordpress.com/2016/11/21/first-blog-post/

gregjhogan answered Sep 30 '22 16:09
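A pre-deployment check for the situation in the question and answer above, as an added example (not code from the original post or from Azure): it classifies the SAS on a fileUris entry as account-level or service-level from its parameter names, flags the account-level form without sr that the answer reports failing, and checks the st/se window. The function names and the sample URL's account, file and sig values are assumptions made for the example.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Required query parameters for each Azure Storage SAS type.
ACCOUNT_SAS = {"sv", "ss", "srt", "sp", "se", "sig"}
SERVICE_SAS = {"sv", "sr", "sp", "se", "sig"}
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")
# Constructed URL shaped like the one in the question (account, file and sig are placeholders).
SAMPLE = ("https://examplestore.blob.core.windows.net/installers/app.msi"
          "?sv=2015-04-05&sig=PLACEHOLDER&st=2017-05-03T05:18:28Z"
          "&se=2017-05-10T05:18:28Z&srt=o&ss=b&sp=r")


def parse_sas_time(value):
    """Parse the UTC timestamp formats a SAS accepts in st/se."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised SAS time: " + value)


def check_sas_url(url, now):
    """Classify the SAS on url as of now (aware UTC); the sig value is never returned."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {name: values[0] for name, values in query.items()}
    names = set(params)
    findings = []
    if names & {"ss", "srt"}:
        kind, missing = "account", ACCOUNT_SAS - names
        if "sr" not in names:
            findings.append("account SAS without sr (rejected by the extension in the question)")
    elif "sig" in names:
        kind, missing = "service", SERVICE_SAS - names
        if "si" in names:  # a stored access policy may supply sp and se
            missing -= {"sp", "se"}
    else:
        kind, missing = "none", set()
        findings.append("no SAS signature on URL")
    if "st" in params and parse_sas_time(params["st"]) > now:
        findings.append("not valid until " + params["st"])
    if "se" in params and parse_sas_time(params["se"]) <= now:
        findings.append("expired at " + params["se"])
    return {"kind": kind, "missing": sorted(missing), "findings": findings}
```

Running it over every fileUris entry before deployment catches both the token shape from the question and a token that will have expired by the time the extension downloads the file.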