Azure – Custom Script Extension

Hi friends, today I am writing about the Azure Custom Script Extension (CSE). Azure CSE executes the required scripts on a virtual machine to configure it to the desired specification once the virtual machine is in the ready state. This helps to set up / configure all required services or install all prerequisites once the VM is up. Here I will explain step by step how to add a Custom Script Extension, execute it, and find logs or issues related to it.

Whenever you want to configure or update a virtual machine (Windows or Linux), for example to configure IIS, update the firewall, create a folder or copy files, you need to connect to the virtual machine over RDP (Windows) or SSH (Linux). RDP or SSH access is not feasible in every situation. Your virtual network / network security group (NSG), which contains a list of security rules, can block you from accessing your virtual machine directly. When you automate the deployment of one or more virtual machines, you can update your VM using CSE. In your ARM template you can add CSE as a new resource (section); it will be executed once your virtual machine is in the ‘Running’ state. The Custom Script Extension is useful for post-deployment configuration, software installation, or any other configuration / management task. The script file or zip (which can include multiple scripts) can be downloaded from Azure storage, GitHub or any location that is publicly available via URL. CSE is an integrated part of Azure Resource Manager templates, PowerShell, the Azure Portal and the REST API.

If you are storing the script or scripts on Azure storage, GitHub, etc., the VM will need to download them from the source location, which requires internet access. To reach this source location, you will need to open the required port in the virtual network / network security group.

Best Practice: Never keep any of your files / code on storage as publicly accessible. If you want to access them in CSE, use a SAS token and add it to your ARM template's input parameter list.

Here I will explain how to use the Custom Script Extension with an Azure Resource Manager template. In this below.

The JSON code above is the resources section of the Azure ARM template. You can see that the resource type of this section is Microsoft.Compute/virtualMachines/extensions. An extension is basically an extra configuration added to a virtual machine. I will explain the complete section here:

Type : “Microsoft.Compute/virtualMachines/extensions”,

Type shows what type of resource is being deployed.

Name: if you look at the name, it contains the virtual machine name + ’customeScriptExtension’ (a string), which indicates the virtual machine on which the extension is going to be deployed.

In Settings -> FileUris is the source location of your script file. Here, for example, I have uploaded a .ps file to storage and then put its URL into the ARM template. The Custom Script Extension will download this file from the source location / storage.

A very important part of the Custom Script Extension is CommandToExecute, where we provide the exact command that starts execution. In the example I showed the command ‘Powershell -ExecutionPolicy Unrestricted -File <File Name>’. First you need to state which kind of script you are providing, such as PowerShell, a shell script or any other. Next you need to set the ExecutionPolicy. An execution policy is part of the PowerShell security strategy. Execution policies determine whether you can load configuration files, such as your PowerShell profile, or run scripts, and whether scripts must be digitally signed before they are run.

Below is the output of the executed ARM template CSE. It has created a new folder named ‘myfolder’ and a new text file named ‘myfile’ in this folder, and added text to that file. All of this was created by the PowerShell script using CSE.
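The sections described above, combined with the SAS token best practice, as an added example that is not the template from the original post. The parameter names (vmName, scriptUri, scriptSasToken), the script name configure.ps1, the apiVersion and the choice to put fileUris and commandToExecute under protectedSettings are assumptions made for this example; protected settings are encrypted and decrypted only on the target VM, so the SAS token does not appear in clear text in the extension's public settings.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {
      "type": "string",
      "metadata": { "description": "Assumed name of an existing Windows VM in this resource group." }
    },
    "scriptUri": {
      "type": "string",
      "metadata": { "description": "Blob URL of the script without a query string. Placeholder: https://<storage-account>.blob.core.windows.net/<container>/configure.ps1" }
    },
    "scriptSasToken": {
      "type": "securestring",
      "metadata": { "description": "Read-only SAS token for the private blob, starting with '?'. securestring keeps the value out of the deployment history." }
    }
  },
  "resources": [
    {
      "comments": "Added example with assumed names. The storage container stays private; the script is reachable only through the SAS token.",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2021-03-01",
      "name": "[concat(parameters('vmName'), '/customeScriptExtension')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.10",
        "autoUpgradeMinorVersion": true,
        "settings": {},
        "protectedSettings": {
          "fileUris": [
            "[concat(parameters('scriptUri'), parameters('scriptSasToken'))]"
          ],
          "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File configure.ps1"
        }
      }
    }
  ]
}
```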


How to check the status of CSE (Custom Script Extension)

Once your ARM template has executed successfully, you can check the status of your CSE in the portal. Go to Virtual machine -> (Settings) Extension tab. Here you will see a list of all deployed extensions with their version, status, type, etc.

For more details, click on the extension. It will open a new blade with all the details. In that blade you can click on Detailed status. This will give you the complete status details. If there is an error / exception, it will show the exception in detail.

This is all about the Azure Custom Script Extension. If you want to know more about this topic or have any other issue related to it, please ping me or contact me. Thank you.