{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2019-03-01",
"name": "[concat(variables('vmName'), '/InstallCustomScript')]",
"location": "[resourceGroup().location]",
"tags": "[variables('resourceTags')]",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
],
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"typeHandlerVersion": "2.1",
"autoUpgradeMinorVersion": true,
"settings": {
"skipDos2Unix": false, // translate script DOS to UNIX (line endings)
"timestamp": 0 // trigger a re-run of the script by changing value of this field
},
"protectedSettings": {
"script": "[parameters('customScript')]"
}
}
}
However, the deployment fails with the following VMExtensionProvisioningError:
DEBUG: AzureQoSEvent: CommandName - New-AzResourceGroupDeployment; IsSuccess - False; Duration - 00:07:18.5872191; Exception - 12:17:41 AM - The deployment 'exfiltrator-ext.armdeploy' failed with error(s). Showing 1 out of 1 error(s).
Status Message: VM has reported a failure when processing extension 'InstallCustomScript'. Error message: "Enable failed: failed to get configuration: error reading extension configuration: failed to parse protected settings: decrypting protected settings failed: error=exit status 2 stderr=Can't open /var/lib/waagent/9AD1B864C4D0DEF3DC34A63E9362A1AF34577813.crt for reading, No such file or directory
140380671340992:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/var/lib/waagent/9AD1B864C4D0DEF3DC34A63E9362A1AF34577813.crt','r')
140380671340992:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
unable to load certificate
"
More information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot (Code:VMExtensionProvisioningError)
CorrelationId: 183aa1fa-159c-41c7-84f5-7d5c82821781;
The deployment works if I make script an unprotected setting.
I'm also seeing the same error with the Microsoft.CPlat.Core.RunCommandLinux extension:
ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension 'RunCommandLinux'. Error message: "Enable failed: failed to
get configuration: error reading extension configuration: failed to parse protected settings: decrypting protected settings
failed: error=exit status 2 stderr=Can't open /var/lib/waagent/B7F12AF1DAB560A2BD8F5328B9A7F5F5BF7E94C7.crt for reading, No such file or directory
140058413711808:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:72:fopen('/var/lib/waagent/B7F12AF1DAB560A2BD8F5328B9A7F5F5BF7E94C7.crt','r')
140058413711808:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:79:
unable to load certificate
"
More information on troubleshooting is available at https://aka.ms/vmextensionlinuxtroubleshoot
ErrorTarget:
StartTime: 3/30/2021 10:29:57 PM
EndTime: 3/30/2021 10:30:20 PM
OperationID: 9a17fdcc-ed12-45fd-88c2-52129bc1ee8f
Status: Failed
Why would this protected setting encryption cert be missing?
I am trying to deploy a custom script extension for Linux per these instructions: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-linux. My template snippet is:
However, the deployment fails with the following
VMExtensionProvisioningError
:The deployment works if I make
script
an unprotected setting.I'm also seeing the same error with the Microsoft.CPlat.Core.RunCommandLinux extension:
Why would this protected setting encryption cert be missing?