I am able to execute Custom Script Extensions against VMs using Set-AzureRmVMCustomScriptExtension and noticed that Azure App Services have Extensions listed as one of their options:
Extensions add functionality to your App Service. Click add to see the
list of available extensions.
What I would like to achieve is running some PowerShell against the VM hosting an App Service, but can't locate a Resource Manager cmdlet like Set-AzureRmVMCustomScriptExtension. An example is modifying the security of some of the directories of IIS hosting my website to disable anonymous access, and adding a few files to directories of my website. I am able to achieve this using a script against an IaaS Azure VM and am wondering if this will work against an App Service, and if so, how to target the VM of the App Service.
Key actions I take as part of this PowerShell is:
Disable anonymous access to certain directories in IIS
Limit access to certain file types
Edit existing XML files
Add new files to a directory (downloaded via CDN)
Logging into the Kudu interface (Mysite.scm.azure...) I am able to execute some PowerShell via the debug Console option, so I am thinking there has to be a way to run PowerShell via Azure Automation beyond the AzureRm.Websites cmdlets as with the Kudu PowerShell interface I was able to create directories with a plain old create-item cmdlet.
App Service is very different from VM hosting. In App Service, you never get direct access to the VM, and there is generally no way that you can run any script that affects the VM at a global level.
Instead, you are only able to affect the files that make up the Web App, and everything runs under a sandbox.
Related
want to run powershell scripts from a web API hosted in azure. But I am getting Execution Policy error while trying to import modules and when I try to change the execution policy using below code
ps.AddCommand("Set-ExecutionPolicy").AddArgument("Unrestricted")
.AddParameter("Scope", "CurrentUser");
It says Unauthorized access on C:/Powershell.
This works fine in localhost, but not on deployed web api.
Is there a workaround on this or can we not run powershell scritps via hosted api at all?
You can package your PowerShell Scripts into Azure Functions and expose them as Web APIs.
This gives you the added advantage of leveraging bindings with your functions if required, and other platform benefits of Azure Functions like auto scaling.
I have some .exe files which i need to install on VMs in azure using azure automation powershell DSC. Is this possible and how can it be done? The exe files are currently stored in an azure file share.
A similar question was asked here The answer provided was:
If you want to do the install the EXE remotely then the VM needs to be configured to allow for remote management - you can do this via WinRM. See: https://www.penflip.com/powershellorg/secrets-of-powershell-remoting/blob/master/accessing-remote-computers.txt and http://tarkus.me/post/64761019099/windows-azure-vms-remote-management
Setting this up is non-trivial (you need to ensure it's secure). You could also try adding an VM extension to the VM that will do the copy. Since the VM is already provision I think the only option here would be to use DSC though I've never added a DSC extension to a VM post-provisioning, it should work. That would require authoring and staging a DSC script in addition to adding the extension but definitely less complex than enabling remote management.
You should also consider Azure automation, depending on how large scale is your automation projects are. You can find more info and tutorials here
I have ASP.NET Core web application that is hosted in IIS. We also have build server used for continuous integration using Jenkins. Jenkins get latest from GitHub and builds & publish the project in local folder and then execute powershell script to copy published folder to web server. ( it simply copies the files from local folder to network folder using Copy-Item)
The powershell script first stops the remote IIS web site before copying the file. (and i have confirmed that the remote web site is indeed stopped before deploying)
However every now and then we get error while copying files
Copy-Item : The process cannot access the file
\\some_ip\_apps\myapp\UI\UI.dll because it is being used by another
process.
So i have downloaded handle to check who is accessing this file on web server and i turned out its dotnet.exe
How do i stop dotnet.exe remotely or how do i release the handle remotely using powershell
I agree with the other comments about using WebDeploy to simplify your approach a little.
As far as powershell goes the Get-Process and Stop-Process along with normal Remoting stuff will let you shut down dotnet.exe.
All the deployments in my work place are manual. I have been looking at ways to automate all of this using MSBUILD and MS Web Deploy. What I have managed to get working is as follows:
build/compile solutions
run database migrations
deploy directly to website using ms web deploy
All from one MSBUILD script.
This differs slightly from the manual process, as when a new version of a website is deployed manually, it is put into a new folder that is datetime stamped. And then IIS is pointed to the new folder.
My question is, how would I do these last 2 actions? i.e. write to a specific folder that sits a level higher up than the folder the current website points to, and then repoint to the new folder IIS.
Web Deploy does not support this functionality directly. Thankfully it does provide the runCommand provider, which is what you'll end up using.
%windir%\system32\inetsrv\appcmd.exe is the utility you'll use to swap site directories. An example of usage can be found here: How do I change the physical path of web site in IIS7 with APPCMD?
Create a script that calls appcmd. This script will always sit on your destination server. You can either decide to include it as a part of your site deployment, or move it along into the new directory from the old one. The "web deploy user" on the destination machine needs to have the appropriate credentials and access to create directories.
In your MSBUILD script, prior to deployment, call the script on the destination server. E.g.
msdeploy.exe -verb:sync -source:runcommand="C:\path\to\wwwroot\bin\script.bat"
-dest:auto,wmsvc=https://contoso.com:8172/msdeploy.axd,username=%username%,password=%password%
Then deploy as usual
NOTE:
Try to avoid this way of deploying entirely. If you're looking to snapshot your site, consider deploying to a package (zip), and then deploying that package to your destination server. Rollbacks should be handled by deploying an older package, not by repointing to an older directory.
I need on clarification that I have a development server where according to the policy I shouldn't login and run the commands.
So, is there any way that I can deploy my solution using central admin just like as we did through power shell commands.
I search before, but I couldn't get the satisfactory answer?
If you're deploying new wsp, you can run Powershell command "Add-SPSolution -LiteralPath ". If it's an existing wsp, you should retract the existing wsp first before adding the updated wsp. You can check if the wsp either deployed or not in the Central Admin > System Settings > Manage Farm solution. You can also deploy the SP Solution(once added) in Central admin. After deploying it, make sure to restart the Timer Service. Here's how you can deploy the wsp using powershell.
you can setup powershell to run remotely and then use powershell commands to deploy the wsp.
Check this link on enabling powershell to run remotely Configure Remote PowerShell in SharePoint 2010
What kind of solution are you deploying? Is it a farm or sandboxed solution? You can deploy your solutiions via VS2010 without having to login to the server. Or are you referring to items that needs to be deployed via GAC?