Terraform virtual machine extension doesn't run as expected

Question

maybe someone can help me with my situation.

Scenerio: I created a terraform script which create a windows 10 Virtual machine in Azure. At the end the terraform script download a powershell file from a blobb storage and execute it with "virtual machine extension" on the vm created before.

The PowerShell Script will download and install software on the vm.

unfortunately on the machine are only 3 from the 5 software products which should be deployed on the vm.

But when i run the PowerShell script on the machine manual there is no problem with the installation so i think there is a problem with terraform.

Terraform Script:

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "~>2.0"
    }
  }
}

provider "azurerm" {
  features {}

}




resource "azurerm_resource_group" "rg-vm" {
  name     = var.rg_name
  location = var.rg_location
}

resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet_name
  location            = azurerm_resource_group.rg-vm.location
  resource_group_name = azurerm_resource_group.rg-vm.name
  address_space       = var.vnet_address_space
}

resource "azurerm_subnet" "defaultSubnet" {
  name           = var.vnet_subnet_name
  resource_group_name = azurerm_resource_group.rg-vm.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes = var.vnet_subnet_address
}

resource "azurerm_public_ip" "test" {
  name                    = "test-pip"
  location                = azurerm_resource_group.rg-vm.location
  resource_group_name     = azurerm_resource_group.rg-vm.name
  allocation_method       = "Dynamic"
  idle_timeout_in_minutes = 30

  tags = {
    environment = "test"
  }
}



resource "azurerm_network_interface" "vm_nic" {
  name                = "nic-${var.vm_name}"
  location            = azurerm_resource_group.rg-vm.location
  resource_group_name = azurerm_resource_group.rg-vm.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.defaultSubnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = "${azurerm_public_ip.test.id}"
    
  }
}


resource "azurerm_windows_virtual_machine" "vm_init" {
  depends_on = [
      azurerm_network_interface.vm_nic
  ]
  
  name                = var.vm_name
  resource_group_name = azurerm_resource_group.rg-vm.name
  location            = azurerm_resource_group.rg-vm.location
  size                = var.vm_size
  admin_username      = "vmadmin"
  admin_password      = "!Password1234!"
  
  network_interface_ids = [
    "${azurerm_resource_group.rg-vm.id}/providers/Microsoft.Network/networkInterfaces/nic-${var.vm_name}"
  ]

  
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  source_image_reference {
    publisher = var.vm_source_publisher
    offer     = var.vm_source_offer
    sku       = var.vm_source_sku
    version   = var.vm_source_version
  }

  tags = {
    environment = "Temp"
  }

}

resource "azurerm_virtual_machine_extension" "software" {
  name                 = "install-software"
  virtual_machine_id   = azurerm_windows_virtual_machine.vm_init.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"
 
  protected_settings = <<PROTECTED_SETTINGS
    {
      "commandToExecute": "powershell.exe -Command \"./final.ps1; exit 0;\""
    }
  PROTECTED_SETTINGS

  settings = <<SETTINGS
    {
        "fileUris": [
          "https://blobtest221.blob.core.windows.net/sap/final.ps1"
        ]
    }
  SETTINGS
}

PowerShell Script:

##################################################
# Download and Install SAP GUI
##################################################
$downloadurl ="https://blobtest221.blob.core.windows.net/sap/SAP_GUI_installer.zip"
$filepath="C:\temp\SAP_GUI_installer.zip"
$folderpathunzip="C:\temp\"


#Download SAP ZIP
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($downloadurl,$filepath)

$Job = Register-ObjectEvent -InputObject $WebClient -EventName DownloadStringCompleted -Action {
    Write-Host 'Download completed'
    $EventArgs.Result
}
$WebClient.DownloadStringAsync([Uri]"<URI>")
Receive-Job -job $Job


#EXPAND SAP ZIP
Expand-Archive -LiteralPath $filepath -DestinationPath $folderpathunzip

 $ExePath = Get-ChildItem -Path "C:\temp\" -Include SAP_GUI_installer.exe -File -Recurse -ErrorAction SilentlyContinue
        If($ExePath.Exists)
        {
        Start-Process -NoNewWindow -FilePath $exepath -ArgumentList "/⁠Product='SAPGUI' /silent" -Wait -PassThru
        Get-Process -Name "SAP_GUI_installer" -ErrorAction SilentlyContinue | Wait-Process
        }

##################################################
# Download and Install Adobe Reader ENG
##################################################

#Set Variables
$downloadurl ="https://blobtest221.blob.core.windows.net/sap/AcroRdrDC2200120117_en_US.exe"
$filepath="C:\temp\AcroRdrDC2200120117_en_US.exe"
$folderpathunzip="C:\temp\"
$exepath="C:\temp\AcroRdrDC2200120117_en_US.exe"

#Download Adobe Reader ENG.EXE
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($downloadurl,$filepath)

$Job = Register-ObjectEvent -InputObject $WebClient -EventName DownloadStringCompleted -Action {
    Write-Host 'Download completed'
    $EventArgs.Result
}
$WebClient.DownloadStringAsync([Uri]"<URI>")
Receive-Job -job $Job

#Install readerdc64_en_xa_crd_install.exe

Start-Process -NoNewWindow -FilePath $exepath -ArgumentList "/sAll /rs /msi EULA_ACCEPT=YES" -PassThru
$ExePath = Get-ChildItem -Path "C:\temp\" -Include AcroRdrDC2200120117_en_US.exe.exe -File -Recurse -ErrorAction SilentlyContinue
        If($ExePath.Exists)
        {
        Start-Process -NoNewWindow -FilePath $exepath -ArgumentList "/sAll /rs /msi EULA_ACCEPT=YES" -Wait -PassThru
        Get-Process -Name "AcroRdrDC2200120117_en_US" -ErrorAction SilentlyContinue | Wait-Process
        }
##################################################
# Download and Install 7Zip
##################################################

#Set Variables
$downloadurl ="https://www.7-zip.org/a/7z2107-x64.exe"
$filepath="C:\temp\7z2107-x64.exe"
$folderpathunzip="C:\temp\"
$exepath="C:\temp\7z2107-x64.exe"

#Download SAP ZIP
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($downloadurl,$filepath)

$Job = Register-ObjectEvent -InputObject $WebClient -EventName DownloadStringCompleted -Action {
    Write-Host 'Download completed'
    $EventArgs.Result
}
$WebClient.DownloadStringAsync([Uri]"<URI>")
Receive-Job -job $Job
#Remove-Item -Path $filepath -Force

#Install 7zip.EXE
$ExePath = Get-ChildItem -Path "C:\temp\" -Include 7z2107-x64.exe -File -Recurse -ErrorAction SilentlyContinue
        If($ExePath.Exists)
        {
        Start-Process -NoNewWindow -FilePath $exepath -ArgumentList "/S" -Wait -PassThru
        Get-Process -Name "7z2107-x64" -ErrorAction SilentlyContinue | Wait-Process
        }
##################################################
# Download and Install Chrome Business english
##################################################

#Set Variables
$downloadurl ="https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BE06BA704-3462-1EC2-56B7-F3FDB87D71E1%7D%26lang%3Den%26browser%3D4%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dtrue%26ap%3Dx64-stable-statsdef_0%26brand%3DGCEA/dl/chrome/install/googlechromestandaloneenterprise64.msi"
$filepath="C:\temp\chrome.msi"
$folderpathunzip="C:\temp\"
$exepath="C:\temp\chrome.msi"
$installcommand="/I C:\temp\chrome.msi /quiet"
#Download Chrome Business english
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($downloadurl,$filepath)

$Job = Register-ObjectEvent -InputObject $WebClient -EventName DownloadStringCompleted -Action {
    Write-Host 'Download completed'
    $EventArgs.Result
}
$WebClient.DownloadStringAsync([Uri]"<URI>")
Receive-Job -job $Job
#Remove-Item -Path $filepath -Force

#Install Chrome Business english.EXE
Start-Process msiexec.exe -Wait -ArgumentList $installcommand
$ExePath = Get-ChildItem -Path "C:\temp\" -Include chrome.msi -File -Recurse -ErrorAction SilentlyContinue
        If($ExePath.Exists)
        {
        Start-Process -NoNewWindow -FilePath $exepath -ArgumentList "/I C:\temp\chrome.msi /quiet" -Wait -PassThru
        Get-Process -Name "Google Chrome Installer" -ErrorAction SilentlyContinue | Wait-Process
        }
##################################################
# Download and Install Office 365 x86
##################################################

#Set Variables

$exepath="C:\temp\setup.exe"
$ExePath = Get-ChildItem -Path "C:\temp\" -Include setup.exe -File -Recurse -ErrorAction SilentlyContinue
        If($ExePath.Exists)
        {
        Start-Process -NoNewWindow -FilePath $exepath -ArgumentList "/configure C:\temp\office_ep_x86.xml" -Wait -PassThru
        Get-Process -Name "setup" -ErrorAction SilentlyContinue | Wait-Process
        }

I hope someone maybe have an idea what could be the problem.

Greetings, themrt933

Answer 1

Try setting the -ExecutionPolicy Unrestricted

"commandToExecute": "powershell.exe -ExecutionPolicy Unrestricte -Command \"./final.ps1; exit 0;\""

Also, check the status message at the extension level and what it is saying.