I am using azure devops to perform some tasks on Azure AD. I have prepared powershell script for authenticate to MS graph. I am using Azure devops pipelines, script files are stored on azure devops repo. I am using self hosted agent, its Windows Server 2019, all required modules, MSAL, Graph are installed. I am testing my script locally from OS and it works fine. When I am running azure devop pipeline am facing following error Get-MsalToken : The term 'Get-MsalToken' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try". I am using Powershell task in my pipeline.
I installed Powershell Core on my self hosted agent. In Azure devops pipelines, Powershell task options, I selected option Advanced/Use Powershell Core. I tested my pipeline, all works as expected.
Related
I have Build pipeline and release pipeline in Azure DevOps which works fine. I want to start the website using power shell script which is in repo ,only after post-deployment approvals in release pipeline. Do some initial Manual checks and start the website
Release Pipeline
Task 1: stop website
Task 2: deploy website
Do initial Manual checks before starting the website
Task 3: Start website using post-deployment approvals
I am afraid it is impossible to invoke powershell scripts from post-deployment approvals.
However, if your website is deployed to azure resources. You can run the powershell scripts by Invoking Azure Function from post-deployment gates. You will need to create a Azure function to start the website using powershell script. See document Create a PowerShell function in Azure using Visual Studio Code.
There is another workaround using Manual intervention task instead of post-deployment approvals.
You can add an agentless job to run Manual intervention task(Notify the users to approve) after website is deployed.
And then run the power shell script to start up your website in the next job see below:
I am trying to implement CICD for MDS via Azure Devops.
Below are the steps which I have followed :
Created a self hosted agent which has SSDT installed
Tried executing the MDS Cmd queries from the VM which I created as a self hosted agent and it was a success :
In Azure Devops, used the self hosted agent and CMD task:
And added the inline query :
cd C:\Program Files\Microsoft SQL Server\110\Master Data Services\Configuration
MDSModelDeploy createpackage -service MDS1 -model SalesBI -package "C:\MDS\CICD\SalesBI_CICD.pkg"
And after execution of the pipeline, I am getting the error :
The web configuration file for the Master Data Services instance
cannot be loaded. An error occurred loading a configuration file:
Access to the path 'C:\Program Files\Microsoft SQL Server\110\Master
Data Services\WebApplication\web.config' is denied. (C:\Program
Files\Microsoft SQL Server\110\Master Data
Services\WebApplication\web.config)
So is there anything which I am missing out while setting up the self hosted agent in Devops because executing the same commands by manually logging into the same VM is getting executed successfully.
In the Azure DevOps, If you want to access local file in the azure devops pipeline via self-hosted agent, It accesses the file via service account instead of Personal account, so you can run the cmd locally from your computer, and get error in the azure devops pipeline.
Workaround
We could open check the file permission and configure the service account permission. service account format User/Administrator/Administrators({Agent.ComputerName}\User/Administrator/Administrators)
Also, we could change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
I am trying to create RamDisk in DevOps agent servers using PowerShell task from Pipeline. The script can create the Ramdisk rive but unable to format and mount it. Its giving error that it needs elevated prompt.
How I can run PowerShell task with admin privileges in Azure DevOps pipeline
Since you add azure-devops-self-hosted-agent tag, I assume you are using a self-hosted build agent for build. Then you can try to update the build agent to run with an administrator account.
If you configured the agent to run as a service, it starts
automatically. You can view and control the agent running status from
the services snap-in. Run services.msc and look for the agent. If
you need to change the agent's logon account, don't do it from the
Services snap-in. Instead, try to re-configure the agent and run it
with an administrator account.
I have a VSTS release pipeline which provisions a new function app with a Managed Service Identity. My solution includes a shared key vault instance for my app secrets. Key vault allows a maximum of 16 access control entries so I've taken the approach of creating an Azure AD group for applications which I will add application service principals to. All straight forward and workable in PowerShell locally, but I'm not able to figure out a way to do this using hosted build servers in the VSTS release pipeline and a Run Powershell In Azure release task.
The Azure CLI is at version 1.X on the Hosted build server and 2.x on the Hosted 2017 build server
* 1.x doesn't appear to offer AD group manipulation or graph API access
* 2.x does offer az ad group member add but the hosted 2017 build has a problem with New-AzureStorageTable which is used elsewhere in my pipeline, so I can't use it
Similarly, the Azure RM powershell module on the Hosted build server is very old and doesn't appear to support group membership manipulation. The version on the Hosted 2017 server (which I can't use) has commands like Get-AzureRmADGroup but nothing to add a user to that group.
The cmdlet Add-AzureADGroupMember, available in the AAD powershell would be a nice solution, but it's not available on either the Hosted or Hosted 2017 build servers.
I've considered both automation runbooks and direct HTTPS posts to the graph API using the OAuth token available in the release pipeline, but want to stay with PowerShell to keep the number of technologies in my release pipeline as small as possible. I'd also prefer to avoid storing credentials in a secured manner for use in a PowerShell command like Login-AzureRmAccount and rely on the identity of the Service Endpoint I defined for my release pipeline.
Suggestions appreciated.
Since the Hosted agent can’t meet your requirements, you can configure a private build agent (it’s free) on your machine: Deploy an agent on Windows.
Regarding Add-AzureADGroupMember cmdlet, you can install it by calling Install-Module -Name AzureAD through Azure PowerShell task, which works fine on Hosted agent.
Script:
Install-PackageProvider -Name NuGet -Force -Scope CurrentUser
Install-Module -Name AzureAD -Force -Verbose -Scope CurrentUser
I would like to schedule stop/start Azure virtual machines with an Azure automation runbook.
This is what I've done so far. Created new automation runbook from gallery in Azure management portal. Chose 'Stop Windows Azure Virtual Machines on a Schedule' from 'VM Lifecycle Management' (it's this script). Runbook created, went to Author page of this runbook and pressed test. Provided the necessary parameters. Then several errors appeared on the output, starting with this:
1/21/2015 9:15:26 AM, Error: New-ScheduledTaskTrigger : The term 'New-ScheduledTaskTrigger' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At Stop-AzureVMsOnSchedule:41 char:41
Why this cmdlet cannot be found? I tried to upload the ScheduledTasks module in assets menu from my machine (c:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks) but it complained about that the format is invalid.
Could you give me a hint why this script is not working or do you know an alternative what to use for scheduling tasks in an automation runbook?
"Stop Windows Azure Virtual Machines on a Schedule" is an Azure PowerShell script not designed to work as a runbook in Azure Automation. You can see that when you attempt to import it from gallery:
I recommend instead you import the runbook for stopping VMs created by jeffbow. By hooking this runbook up to an Azure Automation schedule asset you will be able to schedule shutting down your Azure VMs:
This script needs to be edited to work in Azure Automation.
New-ScheduledTaskTrigger does not work in Azure Automation environment.
To schedule Automation runbook, use New-AzureAutomationSchedule
Details at https://msdn.microsoft.com/en-us/library/dn690271.aspx