Hosting PowerShell Universal in Azure - Possible?

TmJr75 · August 4, 2020, 11:02am

Hi, since the products now have been merged, are there any guides or methods to host “PowerShell Universal” in Azure? I have seen a few posts and blogs about the Universal Dashboard, but I also need the functionality of the Universal Automation to go along with my dashboard, since I trigger scripts located in Universal Automation.

bhauver · August 4, 2020, 12:42pm

I was able to stand-up a Windows 2016 Server VM in Azure, then follow the instructions here:
https://docs.ironmansoftware.com/config/hosting-iis

Worked great for me!

adam · August 4, 2020, 6:38pm

I’m hosting Poshud.com as an Azure WebApp Docker container. It works great as well.

I’ve messed around with hosting PSU as an Azure WebApp itself (IIS in Azure) but have had limited success. The docker container just worked for me.

TmJr75 · August 4, 2020, 7:53pm

I was able to pull it if I use the Linux version (latest) but if I try the Windows version of Docker, it fails.
(ironmansoftware/universal:1.3.0-windowsservercore-1909)
Did not try others windows versions yet.

adam · August 4, 2020, 7:55pm

Hmmm. I wonder if we need a full (not server core) version base image.

TmJr75 · August 4, 2020, 8:03pm

Looks like it, I am now pulling the “ironmansoftware/universal:preview”, and this does not fail when you start to deploy it, the core version fails immediately.
It succeeded deployment, but looks like it fails to start up.
Linux version started up.

TmJr75 · August 4, 2020, 9:03pm

Well, that was easier than expected…
Linux version hosted as an web app:

Given that this is the linux version, I only have PowerShell version 7 available, if the Windows docker image would have worked, I would have 5.x and 7 available?

adam · August 4, 2020, 10:04pm

Yep. I’ll build and push a new docker image tomorrow based on the full Windows PowerShell image so you can have access to both 5 and 7.

TmJr75 · August 7, 2020, 11:00am

Im hitting F5 on the docker page but no updates If I had a working Windows install, I could start to host my dashboard in Azure.

One question if we host it like this, and there is an update to the image, the license will still be valid if we do a new pull on the image ?

I have not worked much with Docker but starting with Azure DevOps now so having the dashboard as a solution there would be nice.

adam · August 9, 2020, 1:52pm

Sorry. I ran into a snag. The problem is that the PowerShell team does not produce anything but Server Core and Nano Server builds. This means that we would have to produce our own full server build with the PowerShell 7 binaries.

Is PowerShell 7 important for you? We could produce a Windows image that just had Windows PowerShell on it.

The license will still work between pulls as long as you configure persistence correctly for your docker container.

TmJr75 · August 9, 2020, 4:12pm

For the tasks I run I do not need PowerShell 7. I just connect to Azure with Graph(webrequest), AzureAD and Exchange Online module.

Does the credential vault within PowerShell Universal work in Azure? (If you have tested that.) Linux one does not, but I guess use KeyVault or other services to host the credentials in Azure.

adam · August 9, 2020, 7:12pm

Ok. I should be able to put together an image using a stock Windows Server as the base.

The credential storage in PSU uses the Secret Management module by the PS Team which doesn’t yet support Linux.

TmJr75 · August 30, 2020, 5:58pm

Started using the docker image now, and it starts up, and I have been able to add the modules I need for my dashboard, so I will have to migrate my dashboard as well now, but looks good for now here Using the Core version for Windows by the way. Does not look like I need the full image now that it works

TmJr75 · September 1, 2020, 1:32pm

A challenge is to get the image persistant, as I store the variables.
If I run the dockerfile configuration from: https://docs.ironmansoftware.com/getting-started/docker#persistent-data I get the following error.

(My environment is a Windows Machine, my Docker is set to use Windows containers)

PS C:\Development\containers> docker build . --tag=universal-persistent

Sending build context to Docker daemon 2.048kB
Step 1/9 : FROM ironmansoftware/universal:1.3.1-windowsservercore-1809
—> cdb74f14e68b
Step 2/9 : LABEL description=“Universal - The ultimate platform for building web-based IT Tools”
—> Running in 156e7f664354
Removing intermediate container 156e7f664354
—> fd2e9f9f861b
Step 3/9 : EXPOSE 5000
—> Running in ff36291a428b
Removing intermediate container ff36291a428b
—> e2d8c54c7f2e
Step 4/9 : VOLUME ["/data"]
Unrecognised volume spec: invalid volume specification: ‘/data’
PS C:\Development\containers>

Only thing changed is the image used in FROM.

Dockerfile

FROM ironmansoftware/universal:1.3.1-windowsservercore-1809
LABEL description=“Universal - The ultimate platform for building web-based IT Tools”
EXPOSE 5000
VOLUME ["/data"]
ENV Data__RepositoryPath ./data/Repository
ENV Data__ConnectionString ./data/database.db
ENV UniversalDashboard__AssetsFolder ./data/UniversalDashboard
ENV Logging__Path ./data/logs/log.txt
ENTRYPOINT ["./home/Universal/Universal.Server"]

Any tips?

adam · September 1, 2020, 4:42pm

I’ll update the docs for this but I think we need to make these adjustments since it’s a windows container.

FROM ironmansoftware/universal:1.3.1-windowsservercore-1809
LABEL description="Universal - The ultimate platform for building web-based IT Tools" 

EXPOSE 5000
VOLUME ["C:/data"]
ENV Data__RepositoryPath C:/data/Repository
ENV Data__ConnectionString C:/data/database.db
ENV UniversalDashboard__AssetsFolder C:/data/UniversalDashboard 
ENV Logging__Path C:/data/logs/log.txt
ENTRYPOINT ["C:/ProgramData/Universal/Universal.Server.exe"]

TmJr75 · September 1, 2020, 7:53pm

Here is my Dockerfile for now (Windows image, windows machine, make sure your Dockerfile is in capital letter) if anyone would like to have a windows example.
This installs the modules I need to create a new image.

docker image and label

FROM ironmansoftware/universal:1.3.1-windowsservercore-1809
LABEL description=“Universal - The ultimate platform for building web-based IT Tools”

Install required modules in the docker image

RUN PowerShell -command “[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12”
RUN PowerShell -command “install-PackageProvider -Name NuGet -minimumversion 2.8.5.201 -Force”
RUN PowerShell -command “install-Module NuGet -Force”
RUN PowerShell -command “install-Module PowerShellGet -Force -SkipPublisherCheck”
RUN PowerShell -command “install-Module AzureAD -Force”
RUN PowerShell -command “install-Module MsOnline -Force”
RUN PowerShell -command “install-Module ExchangeOnlineManagement -Force”
RUN PowerShell -command “install-Module PartnerCenter -Force”
(these had to be run with PowerShell and not pwsh as many examples use…)

this is the port to access the image on.

EXPOSE 5000

This is to make data folder persistant for use with Universal Automation

VOLUME [“C:/data”]
ENV Data__RepositoryPath C:/data/Repository
ENV Data__ConnectionString C:/data/database.db
ENV UniversalDashboard__AssetsFolder C:/data/UniversalDashboard
ENV Logging__Path C:/data/logs/log.txt
ENTRYPOINT [“C:/ProgramData/Universal/Universal.Server.exe”]

Getting some errors when I import the modules within Universal Automation, and when trying to run the commands as well from CLI, so Im trying the “non core” image now.
Same error with the full image.
If I install the modules manually from the CLI in Docker, it works, but using the Dockerfile installation, the modules are installed, and present, but gives an error (not found a solution for this yet)

This error was because it tried to open up the modern authentication window. (good help from blckpythn from Discord there )

TmJr75 · September 2, 2020, 8:29pm

Any tip on how to read credentials from the buitlinlocalvault from the dashboard?
My script works fine from a local machine, but not in the docker image (I have added the credentials there, and can read them from UA scripts, but unable to call them from the Dashboard itself.)

For example, to get the apptoken to connect to the UA server:
$fullAppToken = (Get-Secret -Name “FullAppToken” -vault BuiltInLocalVault).getnetworkcredential().password

$fullAppToken = (Get-Secret -Name “FullAppToken”).getnetworkcredential().password

Neither of these works. Tried to install the docker container with the Microsoft.PowerShell.SecretManagement module as well, but no luck.

adam · September 2, 2020, 8:36pm

That’s very weird. I would assume it should be the same context.

Can you open the dashboard console (on the info page for the dashboard) and run Get-SecretInfo to see if it returns any secrets?

TmJr75 · September 2, 2020, 8:40pm

Its not a licensed version yet ;( but now that I am getting closer to hosting it in Azure, we will buy a license for it, it has just been a “POC” for now here.

TmJr75 · September 8, 2020, 9:50am

Unfortunately the secret variables are visible but the vault is not in a persistent state, so they need to be added again after a reboot. Looking to use Keyvault instead from within Azure.

Topic		Replies	Views
Deploying Powershell Universal to an Azure container app- Best Practice? PowerShell Universal	0	264	September 14, 2022
Trial user: Unable to fully set up Azure Web App (docker) PowerShell Universal	2	258	February 25, 2024
Docker setup [WIP] PowerShell Universal	10	1419	January 27, 2021
Hosting Question PowerShell Universal	13	943	October 5, 2020
PSU in Azure WebApp - Logging help	3	283	June 7, 2023