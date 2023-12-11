Azure VM Runtime Team
Azure VM Runtime Team
Latest posts
Handling Machine Reboots with VM Applications
One confusion around all of our extensions is: how are reboots handled? This varies by extension, but only VM Applications provide the option on how to handle them. It does this via the "scriptBehaviorAfterReboot" property. "resources": [ { "type": "Microsoft.Compute/galleries/applications/versions", "apiVersion": "2024-03-03", "name": "[concat(parameters('galleries_mygallery_name'), '/', parameters('applicationDefinitionName'), '/', parameters('version'))]", "location": "[parameters('resourceLocation')]", "properties": { ...
Extension concerns when replacing the OS disk
One confusing area regarding extensions on Azure VMs is - what happens when the OS disk is swapped out? Well, in that case the extensions will run again. Is this the desired behavior? Well, we don't know. There are many types of extensions. Some handle monitoring and security, so those you'll probably want to keep. Some install applications, like VM Applications. You'll probably want those re-installed. Others run a command, such as RunCommand or CustomScript. Those scripts will be re-run, which may be bad or good. Sometimes, those scripts setup the environment on the machine. In that case, it's good that t...
Using Powershell7 with Managed Runcommand
Today, all scripts run through Managed RunCommand will by default use Powershell 5. What if you have a script that requires Powershell7? This is supported via a new feature, but you will need to specify the different script shell. Here's what you need to do. Ensure your VM has Powershell7 Powershell7 is not installed by default. To ensure it's available on your machine, you have the following options. Here's an example on how to do this: By the time you read this, you'll likely need to update the download of Powershell7, which can be found here. To verify that everything installed,...
Properly cycling domain passwords with the JSonADDomain extension
For those familiar with the JsonAdDomain extension, it provides an easy way to join VMs to your domain. However, one aspect that customers have been less crazy about is that the domain password must be shared in the protected settings (where it is at least encrypted) and, more importantly, the functionality of the extension doesn't work well with standard security practices. There are several basic security practices involving something like a domain password: The standard procedure for cycling passwords is to actually have two keyvaults. Each contains a password, but only one is valid. When a...
So how many replicas should my VM Application use?
One great advantage of VM Applications is the ability to specify how many replicas you want for each VM Application version. While documentation exists on how to specify replicas, we don't really provide advice on determining how many replicas to use. The goal of this post is to rectify that gap. First, the basics. When you specify a replica count, we create one storage account behind the scenes for each replica. These are shared across versions of the same application. So, if you have version 1, 2, and 3, and each has 3 replicas, then they'll all use the same storage account underneath. Different applications...
Introducing Managed RunCommand Artifacts
As most of you may know from the current Managed RunCommand documentation there are multiple ways your script may be specified. However, what if your script uses various artifacts that also must be downloaded to the machine? Well, in the past it was necessary to call RunCommand are use some other technique to get those files on the machine. That process is now simplified. Added to the properties for Managed RunCommand is "artifacts". This is a collection containing artifacts with three properties. artifactUri - The uri from which to download the artifact. As with scriptUri, this may be a SAS ...
Using Managed RunCommand in an ARM Template
Perhaps one of the largest differences between "Action RunCommand" (internally called RunCommand V1) and "Managed RunCommand" (internally called RunCommand V2) is that Managed RunCommands are ARM resources themselves. That means you can use them in ARM templates. Recently, I needed to issue a RunCommand in an ARM template, so I looked around for examples how to do this. Yes, even though we wrote RunCommand, we're just as lazy as anyone else. However, I didn't find anything, so I thought I'd share how this works so others may be lazy where I failed. The following is an example resource for a VM. This is f...
When will CustomScript extension re-execute my script?
One of the lesser known differences between RunCommand and CustomScriptExtension is the fact that we do promise to not re-run your script in RunCommand, but no such promise exists for CustomScript. This is mentioned in the documentation, which isn't often fully understood. However, more than once I've been asked: when does CSE actually re-run the script? The answer is, it may run on a reboot. This can happen if your script never finished running. This is actually by design, since many scripts run by CSE may reboot the machine. So, in that case the scripts runs, installs some stuff, reboots the machine...
The treatFailureAsDeploymentFailure flag
In both VmApplications and RunCommand, we support a property called "treatFailureAsDeploymentFailure". Note that for Managed RunCommand it may not be visible yet in Powershell or CLI, but it is available via ARM. Note that this flag is only available for managed RunCommand. It is not available for action RunCommand. For those unaware, managed RunCommand is the newer version and should be used by default. This flag originated in VmApplications, where the question arose "what if my application should fail to install?" Should this result in a failed deployment? In some cases yes, but in others no. The truth is we...