From 6b33ad7aac4c5952d9198dfd84088be297a89b92 Mon Sep 17 00:00:00 2001 From: Billy Robert O'Neal III Date: Wed, 17 Jun 2020 18:49:14 -0700 Subject: [PATCH 1/6] [vcpkg] Fix typo in script name of provision-image.txt for Windows. --- scripts/azure-pipelines/windows/create-vmss.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/azure-pipelines/windows/create-vmss.ps1 b/scripts/azure-pipelines/windows/create-vmss.ps1 index d8cc328904fcb9..b1aa5d0ce8c4ad 100644 --- a/scripts/azure-pipelines/windows/create-vmss.ps1 +++ b/scripts/azure-pipelines/windows/create-vmss.ps1 @@ -195,7 +195,7 @@ New-AzVm ` #################################################################################################### Write-Progress ` -Activity $ProgressActivity ` - -Status 'Running provisioning script provision-image.ps1 in VM' ` + -Status 'Running provisioning script provision-image.txt (as a .ps1) in VM' ` -PercentComplete (100 / $TotalProgress * $CurrentProgress++) Invoke-AzVMRunCommand ` From ce08c50bb705be936dcb61ad8a0e57c75faec67c Mon Sep 17 00:00:00 2001 From: Billy Robert O'Neal III Date: Wed, 17 Jun 2020 19:02:24 -0700 Subject: [PATCH 2/6] [vcpkg] Use SSH keys instead of password authentication to comply with new DevDiv Azure polices that will block creation of password-only Linux VMs. --- scripts/azure-pipelines/linux/create-vmss.ps1 | 26 +++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/scripts/azure-pipelines/linux/create-vmss.ps1 b/scripts/azure-pipelines/linux/create-vmss.ps1 index e9fc79e7b1675d..e84d245bfacbd9 100755 --- a/scripts/azure-pipelines/linux/create-vmss.ps1 +++ b/scripts/azure-pipelines/linux/create-vmss.ps1 @@ -14,6 +14,10 @@ for more information. This script assumes you have installed Azure tools into PowerShell by following the instructions at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.6.1 or are running from Azure Cloud Shell. + +This script assumes you have installed an SSH key as per +https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-powershell +and your public key is stored at ~/.ssh/id_rsa.pub #> $Location = 'westus2' @@ -27,6 +31,12 @@ $ProgressActivity = 'Creating Scale Set' $TotalProgress = 10 $CurrentProgress = 1 +if (-Not (Test-Path ~/.ssh/id_rsa.pub)) { + Write-Error 'You need to generate an SSH key first. Try running ssh-keygen.' +} + +$sshPublicKey = Get-Content ~/.ssh/id_rsa.pub -ErrorAction Stop + Import-Module "$PSScriptRoot/../create-vmss-helpers.psm1" -DisableNameChecking #################################################################################################### @@ -174,7 +184,8 @@ $VM = Set-AzVMOperatingSystem ` -VM $VM ` -Linux ` -ComputerName $ProtoVMName ` - -Credential $Credential + -Credential $Credential ` + -DisablePasswordAuthentication $VM = Add-AzVMNetworkInterface -VM $VM -Id $Nic.Id $VM = Set-AzVMSourceImage ` @@ -185,6 +196,12 @@ $VM = Set-AzVMSourceImage ` -Version latest $VM = Set-AzVMBootDiagnostic -VM $VM -Disable + +$VM = Add-AzVMSshPublicKey ` + -VM $VM ` + -KeyData $sshPublicKey ` + -Path "/home/AdminUser/.ssh/authorized_keys" + New-AzVm ` -ResourceGroupName $ResourceGroupName ` -Location $Location ` @@ -269,11 +286,16 @@ $Vmss = Add-AzVmssNetworkInterfaceConfiguration ` -NetworkSecurityGroupId $NetworkSecurityGroup.Id ` -Name $NicName +$VmssPublicKey = New-Object -TypeName 'Microsoft.Azure.Management.Compute.Models.SshPublicKey' ` + -ArgumentList @('/home/AdminUser/.ssh/authorized_keys', $sshPublicKey) + $Vmss = Set-AzVmssOsProfile ` -VirtualMachineScaleSet $Vmss ` -ComputerNamePrefix $LiveVMPrefix ` -AdminUsername AdminUser ` - -AdminPassword $AdminPW + -AdminPassword $AdminPW ` + -LinuxConfigurationDisablePasswordAuthentication $true ` + -PublicKey @($VmssPublicKey) $Vmss = Set-AzVmssStorageProfile ` -VirtualMachineScaleSet $Vmss ` From c4b8b21af85b1305d57d3bb070473676c7fb17d5 Mon Sep 17 00:00:00 2001 From: Billy Robert O'Neal III Date: Wed, 17 Jun 2020 21:08:34 -0700 Subject: [PATCH 3/6] Generate the SSH key on the fly instead of requiring it be created in advance. --- scripts/azure-pipelines/linux/create-vmss.ps1 | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/scripts/azure-pipelines/linux/create-vmss.ps1 b/scripts/azure-pipelines/linux/create-vmss.ps1 index e84d245bfacbd9..4464b1f789493d 100755 --- a/scripts/azure-pipelines/linux/create-vmss.ps1 +++ b/scripts/azure-pipelines/linux/create-vmss.ps1 @@ -15,9 +15,7 @@ This script assumes you have installed Azure tools into PowerShell by following at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.6.1 or are running from Azure Cloud Shell. -This script assumes you have installed an SSH key as per -https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-powershell -and your public key is stored at ~/.ssh/id_rsa.pub +This script assumes you have installed the OpenSSH Client optional Windows component. #> $Location = 'westus2' @@ -28,17 +26,31 @@ $LiveVMPrefix = 'BUILD' $ErrorActionPreference = 'Stop' $ProgressActivity = 'Creating Scale Set' -$TotalProgress = 10 +$TotalProgress = 11 $CurrentProgress = 1 if (-Not (Test-Path ~/.ssh/id_rsa.pub)) { Write-Error 'You need to generate an SSH key first. Try running ssh-keygen.' } -$sshPublicKey = Get-Content ~/.ssh/id_rsa.pub -ErrorAction Stop Import-Module "$PSScriptRoot/../create-vmss-helpers.psm1" -DisableNameChecking +#################################################################################################### +Write-Progress ` + -Activity $ProgressActivity ` + -Status 'Creating SSH key' ` + -PercentComplete (100 / $TotalProgress * $CurrentProgress++) + +$sshDir = [System.IO.Path]::GetTempPath() + [System.IO.Path]::GetRandomFileName() +mkdir $sshDir +try { + ssh-keygen.exe -q -b 2048 -t rsa -f "$sshDir/key" -P `"`" + $sshPublicKey = Get-Content "$sshDir/key.pub" +} finally { + Remove-Item $sshDir -Recurse -Force +} + #################################################################################################### Write-Progress ` -Activity $ProgressActivity ` From 5265be7ea6de60acb82b2a5e66138c6720083a66 Mon Sep 17 00:00:00 2001 From: Billy O'Neal Date: Thu, 18 Jun 2020 21:06:37 -0700 Subject: [PATCH 4/6] Remove unnecessary sshkeys validation test. --- scripts/azure-pipelines/linux/create-vmss.ps1 | 5 ----- 1 file changed, 5 deletions(-) diff --git a/scripts/azure-pipelines/linux/create-vmss.ps1 b/scripts/azure-pipelines/linux/create-vmss.ps1 index 4464b1f789493d..92782ae609528d 100755 --- a/scripts/azure-pipelines/linux/create-vmss.ps1 +++ b/scripts/azure-pipelines/linux/create-vmss.ps1 @@ -29,11 +29,6 @@ $ProgressActivity = 'Creating Scale Set' $TotalProgress = 11 $CurrentProgress = 1 -if (-Not (Test-Path ~/.ssh/id_rsa.pub)) { - Write-Error 'You need to generate an SSH key first. Try running ssh-keygen.' -} - - Import-Module "$PSScriptRoot/../create-vmss-helpers.psm1" -DisableNameChecking #################################################################################################### From 7630b32887398a68cb2bb863a935bcad02057c75 Mon Sep 17 00:00:00 2001 From: Billy Robert O'Neal III Date: Thu, 18 Jun 2020 22:26:20 -0700 Subject: [PATCH 5/6] Try different quotes as requested by @strega-nil --- scripts/azure-pipelines/linux/create-vmss.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/azure-pipelines/linux/create-vmss.ps1 b/scripts/azure-pipelines/linux/create-vmss.ps1 index 92782ae609528d..dd80014b9213fe 100755 --- a/scripts/azure-pipelines/linux/create-vmss.ps1 +++ b/scripts/azure-pipelines/linux/create-vmss.ps1 @@ -40,7 +40,7 @@ Write-Progress ` $sshDir = [System.IO.Path]::GetTempPath() + [System.IO.Path]::GetRandomFileName() mkdir $sshDir try { - ssh-keygen.exe -q -b 2048 -t rsa -f "$sshDir/key" -P `"`" + ssh-keygen.exe -q -b 2048 -t rsa -f "$sshDir/key" -P '""' $sshPublicKey = Get-Content "$sshDir/key.pub" } finally { Remove-Item $sshDir -Recurse -Force From eb2a27e03a895eaae23a50c9d913e80cb69b41ea Mon Sep 17 00:00:00 2001 From: Billy Robert O'Neal III Date: Fri, 19 Jun 2020 14:30:46 -0700 Subject: [PATCH 6/6] Use string empty. --- scripts/azure-pipelines/linux/create-vmss.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/azure-pipelines/linux/create-vmss.ps1 b/scripts/azure-pipelines/linux/create-vmss.ps1 index dd80014b9213fe..84c83dfeae2f3f 100755 --- a/scripts/azure-pipelines/linux/create-vmss.ps1 +++ b/scripts/azure-pipelines/linux/create-vmss.ps1 @@ -40,7 +40,7 @@ Write-Progress ` $sshDir = [System.IO.Path]::GetTempPath() + [System.IO.Path]::GetRandomFileName() mkdir $sshDir try { - ssh-keygen.exe -q -b 2048 -t rsa -f "$sshDir/key" -P '""' + ssh-keygen.exe -q -b 2048 -t rsa -f "$sshDir/key" -P [string]::Empty $sshPublicKey = Get-Content "$sshDir/key.pub" } finally { Remove-Item $sshDir -Recurse -Force