One confusing area regarding extensions on Azure VMs is – what happens when the OS disk is swapped out?

Well, in that case the extensions will run again. Is this the desired behavior? Well, we don’t know. There are many types of extensions. Some handle monitoring and security, so those you’ll probably want to keep. Some install applications, like VM Applications. You’ll probably want those re-installed. Others run a command, such as RunCommand or CustomScript. Those scripts will be re-run, which may be bad or good.

Sometimes, those scripts setup the environment on the machine. In that case, it’s good that they re-run for a new OS disk. Others drop database tables or perform other tasks that were useful at one time, but harmful now. You probably don’t want those to re-run.

Ultimately, you’ll need to decide before swapping the OS disk, which extensions you’re comfortable with running and which you’re not. If you’re unsure, it’s safest to just remove them. You can always add them back later.

Why do these extensions re-run?

Most extensions have some form of state. On Windows, this state is kept in the registry or on disk. On Linux, it’s kept on disk. When you swap out that disk, the state is gone. For many extensions, the most important part of that state is whether the extension previously ran. Thus, when the disk is gone, and the state is thus gone, the extension believes it’s being installed for the first time and re-runs. Again, sometimes this is beneficial, and sometimes it isn’t. Only you know that.

But, I don’t have any extensions, and my script still ran!

Perhaps you ran Get-AzVmExtension and didn’t see anything there. Unfortunately, not all extensions are reported there, because some are what we call implicit extensions. These are essentially “something else” that performs its operations via extensions, but are externally represented as something else. RunCommands are a key example. Therefore, you need to search not just for extensions, but for RunCommands. RunCommands can be returned using Get-AzVmRunCommand or Invoke-AzVmRunCommand, depending on the type of RunCommand you ran (action vs managed).

So, how do I prevent my scripts from re-executing?

If you previously used either managed or action RunCommand on the VM, and you don’t want it to re-execute after swapping out the OS disk, then you can remove the RunCommand or the extension.

Action RunCommand You can remove the extension via: Invoke-AzVMRunCommand -ResourceGroupName ‘rgname’ -VMName ‘vmname’ -CommandId ‘RemoveRunCommandWindowsExtension’

Alternatively, you can just change the script to do something benign like IpConfig (or ifconfig on Linux): Invoke-AzVMRunCommand -ResourceGroupName ‘rgname’ -VMName ‘vmname’ -CommandId ‘IpConfig’

Managed RunCommand Unlike action RunCommand, managed RunCommand supports multiple commands. You can list them via Get-AzVmRunCommand (or via CLI: az vm run-command show). You can remove a RunCommand using: az vm run-command delete, or Remove-AzVmRunCommand.

Custom Script Custom Script operates as any other extension, and can thus be removed via Remove-AzVmExtension.