Azure VM custom script extension SAS token support

Posted by 十年热恋 on 2019-12-07 19:44:29

Question


I am trying to add a custom script extension to an Azure VM using an ARM template, and I want to have it download files from a storage account using a SAS token.

Here is the template (simplified):

{
    "name": "CustomScriptExtension",
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "location": "eastus",
    "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.8",
        "settings": {
            "fileUris": [
                "https://{storage-account}.blob.core.windows.net/installers/{installer}.msi?sv=2015-04-05&sig={signature}&st=2017-05-03T05:18:28Z&se=2017-05-10T05:18:28Z&srt=o&ss=b&sp=r"
            ],
            "commandToExecute": "start /wait msiexec /package {installer}.msi /quiet"
        }
    }
}

And deploying it results in this error:

{
  "name": "CustomScriptExtension",
  "type": "Microsoft.Compute.CustomScriptExtension",
  "typeHandlerVersion": "1.8",
  "statuses": [
    {
      "code": "ProvisioningState/failed/3",
      "level": "Error",
      "displayStatus": "Provisioning failed",
      "message": "Failed to download all specified files. Exiting. Error Message: Missing mandatory parameters for valid Shared Access Signature"
    }
  ]
}

If I hit the URL with the SAS token directly it pulls down the file just fine so I know the SAS token is correct. Does the custom script extension not support URLs with SAS tokens?


Answer 1:


I figured it out: this must be a bug in the custom script extension which causes it to not support storage account level SAS tokens. If I add &sr=b on the end of the SAS token (which isn't part of the storage account level SAS token spec) it starts working.

I found this info here: https://azureoperations.wordpress.com/2016/11/21/first-blog-post/
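
A pre-deployment check for the situation described in the question and the first answer, added here as an example that is not part of the original thread: it classifies each `fileUris` entry as an account-level SAS (`ss`/`srt`), a service-level SAS (`sr`) or the mixed form the first answer describes, and records whether the token sits in `settings` or `protectedSettings`. The function names and the sample resource (with a placeholder signature) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

ACCOUNT_ONLY = {"ss", "srt"}  # query fields used only by account-level SAS
SERVICE_ONLY = {"sr"}         # query field used only by service-level SAS

def classify_sas(url):
    """Return 'none', 'account', 'service', 'mixed' or 'unknown' for a URL."""
    fields = parse_qs(urlsplit(url).query, keep_blank_values=True).keys()
    if "sig" not in fields:
        return "none"
    account = bool(fields & ACCOUNT_ONLY)
    service = bool(fields & SERVICE_ONLY)
    if account and service:
        return "mixed"      # the form the first answer reports as working (&sr=b appended)
    if account:
        return "account"    # the form the question reports as failing
    return "service" if service else "unknown"

def lint_extension(resource):
    """List SAS-bearing fileUris in an extension resource, without echoing tokens."""
    findings = []
    props = resource.get("properties", {})
    for section in ("settings", "protectedSettings"):
        uris = props.get(section, {}).get("fileUris", [])
        if isinstance(uris, str):   # ARM expression such as "[split(...)]": not resolvable offline
            continue
        for uri in uris:
            kind = classify_sas(uri)
            if kind != "none":
                parts = urlsplit(uri)
                findings.append({"section": section, "kind": kind,
                                 "blob": parts.netloc + parts.path})  # query string dropped
    return findings

# Constructed sample modelled on the question's template; the signature is a placeholder.
SAMPLE = json.loads("""
{"properties": {"settings": {"fileUris": [
  "https://exampleaccount.blob.core.windows.net/installers/app.msi?sv=2015-04-05&sig=PLACEHOLDER&se=2017-05-10T05:18:28Z&srt=o&ss=b&sp=r"
]}}}
""")

if __name__ == "__main__":
    for finding in lint_extension(SAMPLE):
        print(finding)
```

A finding with `"section": "settings"` means the signed URL is carried in the extension's public settings rather than in `protectedSettings`.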




Answer 2:


As @4c74356b41 said, the custom script extension template does not support SAS tokens now. If you want to download a file from a private storage account, you could use the storage account key. Please refer to this example.

{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(variables('vmName'),'/', variables('extensionName'))]",
    "apiVersion": "[variables('apiVersion')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.Azure.Extensions",
        "type": "CustomScript",
        "typeHandlerVersion": "2.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "fileUris": "[split(parameters('fileUris'), ' ')]",
            "commandToExecute": "[parameters('commandToExecute')]"
        },
        "protectedSettings": {
            "storageAccountName": "[parameters('customScriptStorageAccountName')]",
            "storageAccountKey": "[parameters('customScriptStorageAccountKey')]"
        }
    }
}



Answer 3:


No, it does not support SAS tokens. Refer to this feedback item:

https://github.com/Azure/azure-linux-extensions/issues/105



Source: https://stackoverflow.com/questions/43752262/azure-vm-custom-script-extension-sas-token-support
