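DSC configuration data parameter in Azure ARM template deployment
Problem description:
I am using the Azure REST API to deploy a resource group and supplying an ARM template. In the virtual machine resource, I have an extension of type DSC. The code snippet is as follows: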
{
  "resources": [
    {
      "name": "[concat(variables('VMName'),'/SetupScript')]",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "location": "[parameters('DNSLocation')]",
      "apiVersion": "2015-05-01-preview",
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]"
      ],
      "tags": {
        "displayName": "SetupScript"
      },
      "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "1.7",
        "settings": {
          "modulesUrl": "[variables('SetupScriptConfigurationFile')]",
          "sasToken": "",
          "configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
          "properties": {
            "DomainName": "[parameters('DomainName')]",
            "DomainAdminUsername": "[parameters('VMAdminUsername')]",
            "DomainAdminPassword": "[parameters('VMAdminPassword')]"
          }
        },
        "protectedSettings": {
        }
      }
    }
  ]
}
The DSC configuration that gets called is shown below:
Configuration DNSConfig
{
    param
    (
        [string]$NodeName = 'localhost',
        [Parameter(Mandatory=$true)][string]$DomainName,
        [Parameter(Mandatory=$true)][string]$DomainAdminUsername,
        [Parameter(Mandatory=$true)][string]$DomainAdminPassword
    )
    #Import the required DSC Resources
    Import-DscResource -Module xComputerManagement
    Import-DscResource -Module xActiveDirectory
    $securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force;
    $DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword);
    Node $NodeName
    { #ConfigurationBlock
        WindowsFeature DSCService {
            Name = "DSC-Service"
            Ensure = "Present"
            IncludeAllSubFeature = $true
        }
        WindowsFeature ADDSInstall
        {
            Ensure = 'Present'
            Name = 'AD-Domain-Services'
            IncludeAllSubFeature = $true
        }
        WindowsFeature RSATTools
        {
            DependsOn = '[WindowsFeature]ADDSInstall'
            Ensure = 'Present'
            Name = 'RSAT-AD-Tools'
            IncludeAllSubFeature = $true
        }
        xADDomain SetupDomain {
            DomainName = $DomainName
            DomainAdministratorCredential = $DomainAdminCred
            SafemodeAdministratorPassword = $DomainAdminCred
            DependsOn = '[WindowsFeature]RSATTools'
        }
        #End Configuration Block
    }
}
When I run the DSC script locally, to successfully generate the MOF file for this DSC script I need to pass in a hashtable as ConfigurationData, like this:
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName = '*'
            PSDscAllowPlainTextPassword = $true
        }
    )
}
DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ...
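My question now is that I want to pass this kind of ConfigurationData through the ARM template I showed first. Is it even possible? If not, how should I set the ConfigurationData for the DSC script executed by the VM extension?
Thanks!
Answer
To pass your configuration data to the DSC extension, you need to save it to a *.psd1 file, for example: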
C:\PS> Get-Content C:\ConfigurationData.ps1
@{
    AllNodes = @(
        @{
            NodeName = '*'
            PSDscAllowPlainTextPassword = $true
        }
    )
}
Then upload this file to a location your virtual machine can access, and pass the URI in the template's protected settings:
"protectedSettings": {
  "DataBlobUri": "https://.../ConfigurationData.psd1"
}
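Two suggestions unrelated to the original question:
During some ARM deployments, DSC extension version 1.7 may produce intermittent errors. I suggest considering a look at Version 2.0
You may want to encrypt the password instead of using PSDscAllowPlainTextPassword. The DSC Extension uses the encryption certificate that Azure has already deployed to the VM, so setting up encryption is very simple. More information here
Answer
This has changed with newer versions, see documentation.
In short, the psd1 has to be at the same level as the other configuration elements, with the SAS token under the protected settings section.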
"settings": {
  "configurationData": {
    "url": "https://foo.psd1"
  }
},
"protectedSettings": {
  "configurationDataUrlSasToken": "?dataAcC355T0k3N"
}
Thank you very much! :D
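A template check motivated by the answers above, as an added example that is not part of the original posts: it walks an ARM template and reports DSC extension values whose key names look secret-bearing but sit in the unencrypted `settings` block instead of `protectedSettings`. The key-name pattern, the function names and both sample templates are constructed for illustration.

```python
import re

# Key names treated as secret-bearing; this pattern is an assumption of the example.
SECRET_KEY = re.compile(r"password|secret|sastoken", re.IGNORECASE)

def walk(node, path):
    """Yield (path, value) for every scalar leaf under a JSON subtree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + [key])
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + [str(index)])
    else:
        yield path, node

def dsc_extensions(resources):
    """Yield DSC extension resources, including ones nested under a VM resource."""
    for res in resources:
        props = res.get("properties", {})
        if props.get("type") == "DSC" and props.get("publisher", "").lower() == "microsoft.powershell":
            yield res
        yield from dsc_extensions(res.get("resources", []))

def audit_template(template):
    """Return (resource name, setting path) for secret-like values in settings."""
    findings = []
    for res in dsc_extensions(template.get("resources", [])):
        settings = res["properties"].get("settings", {})
        for path, value in walk(settings, ["settings"]):
            named_secret = any(SECRET_KEY.search(part) for part in path[1:])
            if named_secret and value not in ("", None):
                findings.append((res.get("name"), ".".join(path)))
    return findings

# Constructed sample shaped like the question's template: password in settings.
QUESTION_STYLE = {"resources": [{"name": "vm1/SetupScript", "properties": {
    "publisher": "Microsoft.Powershell", "type": "DSC",
    "settings": {"sasToken": "", "properties": {
        "DomainName": "[parameters('DomainName')]",
        "DomainAdminPassword": "[parameters('VMAdminPassword')]"}},
    "protectedSettings": {}}}]}

# Constructed sample shaped like the second answer: SAS token in protectedSettings.
ANSWER_STYLE = {"resources": [{"name": "vm1/SetupScript", "properties": {
    "publisher": "Microsoft.Powershell", "type": "DSC",
    "settings": {"configurationData": {"url": "https://foo.psd1"}},
    "protectedSettings": {"configurationDataUrlSasToken": "<sas-token>"}}}]}

if __name__ == "__main__":
    for name, path in audit_template(QUESTION_STYLE):
        print(f"{name}: secret-like value in {path}; move it to protectedSettings")
```

An empty `sasToken` is ignored, so only populated secret-like keys under `settings` are reported.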