I am using Octopus 3.12.5 and have a Run Azure Powershell script step. Within the step I am using a Service Principal account (created as per the instruction here: https://octopus.com/docs/guides/azure-deployments/creating-an-azure-account/creating-an-azure-service-principal-account ). Also within my script I am only using Resource Management cmdlets (i.e. Get-AzureRmServiceBusNamespaceKey).
But whenever I deploy it, I receive error “Get-AzureRmServiceBusNamespaceKey : Run Login-AzureRmAccount to login.” Can you please help me identify what is wrong here and what I need to do. I have gone through the documents and it says that Octopus run Login-AzureRmAccount at the start of the script, if that is the case then why I am getting this error?
$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
Add-Type -Path $scriptDir\Microsoft.ServiceBus.dll
Write-Output “The [Microsoft.ServiceBus.dll] assembly has been successfully added to the script.”
Create Azure Service Bus namespace
$AuthRule = Get-AzureRmServiceBusNamespaceKey -ResourceGroup -NamespaceName -AuthorizationRuleName RootManageSharedAccessKey
$NamespaceManager = [Microsoft.ServiceBus.NamespaceManager]::CreateFromConnectionString($AuthRule.PrimaryConnectionString);
Thanks for getting in touch and thanks for providing the script.
To help us reproduce, could you please include the full task log for one of these failed deployments?
Currently we have been unable to run this
Get-AzureRmServiceBusNamespaceKey method. Are you using the version of the PowerShell modules bundled with Octopus, or are you using a custom version of the PS modules installed on your server (if so, which version do you have installed)?
I have attached the image showing the modules installed on the server. Also if I log onto the server and run
Get-AzureRMServiceBusNamespaceKey then it works fine. You can find the steps I followed to install PS module here
Full task log is also attached.
Let me know if you need any further information.
ServerTasks-20390.log.txt (15 KB)
I did some more digging and tried to add the Login-AzureRMAccount in my script. I ran the script with these new addition in my local Powershell and it worked. Following is at the start of my script:
$clientID = "My Client ID"
$key = "Service Principal Key"
$SecurePassword = $key | ConvertTo-SecureString -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $clientID, $SecurePassword
Login-AzureRmAccount -Credential $cred -TenantId "Tenant ID" -ServicePrincipal
However, I am still getting the same error
Get-AzureRmServiceBusNamespaceKey : Run Login-AzureRmAccount to login.
If you’re using the “Run an Azure PowerShell script” step, we establish a PowerShell context around your script and Calamari will do the login for you (as can be seen here).
Couple of thoughts…
If you have the latest 3.8 PowerShell modules installed on your server, you can override the version that Octopus has bundled and tell it to just “use the version installed on the server” by setting this variable to false in your project:
Octopus.Action.Azure.UseBundledAzurePowerShellModules. With this value set, Octopus Deploy will not load the bundled Azure PowerShell modules, and PowerShell will automatically load the Azure modules installed on the Octopus Server.
That may save you from bundling your
Microsoft.ServiceBus.dll dll into your package as you are doing.
Interestingly, someone else has a similar issue to what you’re seeing here where, even after login, it was returning with “Get-AzureRmServiceBusNamespaceKey : Run Login-AzureRmAccount to login”
Their answer was “I found that the original login problem was some sort of problem with our AD configuration” which doesn’t really help us.
That said, I was able to spin up a Service Bus namespace and call that method and inspect the resulting object as follows:
$AuthRule = Get-AzureRmServiceBusNamespaceKey -ResourceGroup 'markse-sb1' -NamespaceName 'markse-sb1' -AuthorizationRuleName 'RootManageSharedAccessKey'
Write-Host ($AuthRule | Format-Table | Out-String)
I think the problem may be the way you’ve specified your
AuthorizationRuleName property. Yours does not include quotes.
Could you try that and see if you have any luck?
I will give it a try but I don’t think quotes are the issue, because I can run my script in Powershell ISE without any error and with same User Service Principal.
It worked. I added the variable and the quotes and it worked.