Create SQL Server via Azure Resource Manager (ARM) template
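I am trying to create a new Azure instance of SQL Server, in which I then want to create some new databases.
From the Azure portal I understand that the admin user can be one of:
- an SA user (I think this means "Server Admin"; it looks like some old way of managing a SQL Server instance, but at the same time very "basic" and proven to work)
- an Active Directory user (not sure about the Azure terminology here, but it looks like this could be some "broad user" for the whole Azure platform, e.g. my own Azure portal login user, which is not specific to the database world).
I want to create a SQL server with an SA user to manage the server. In the Azure portal I cannot find a way to generate an ARM template for the SA user of the SQL Server instance.
I am copy-pasting from a 10000-line ARM template containing a long list of SQL servers and databases, but I cannot isolate the basic steps to start with a clean and short ARM template.
This is the ARM template I am trying to deploy on Azure: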
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "westeurope"
    },
    "foo_sql_server_name": {
      "defaultValue": "foo-sql-server",
      "type": "String"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "kind": "v12.0",
      "name": "[parameters('foo_sql_server_name')]",
      "apiVersion": "2015-05-01-preview",
      "location": "[parameters('location')]",
      "scale": null,
      "properties": {
        "administratorLogin": "<MY_SA_USER_THAT_I_CAN_NOT_CREATE>",
        "version": "12.0"
      },
      "dependsOn": []
    }
  ]
}
When running the above with:
az group deployment create \
  --name "deployDBs" \
  --resource-group "MyCustomResourceGroup" \
  --template-file ./templates/db.json # --verbose --debug
Then I get the following error message:
Deployment failed. Correlation ID: <A_CUSTOM_GUID>. {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "InvalidParameterValue",
"message": "Invalid value given for parameter Password. Specify a valid parameter value."
}
]
}
}
When I remove the JSON field administratorLogin (hoping that I can somehow create the SA user somewhere else, which I still have to figure out), I get the following error message:
Deployment failed. Correlation ID: <ANOTHER_CUSTOM_GUID>. {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "InvalidParameterValue",
"message": "Invalid value given for parameter Login. Specify a valid parameter value."
}
]
}
}
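I cannot find the definition of the "username password" pair for the SA user (server admin) in the 10000-line auto-generated ARM template.
How can I create/inject the SA user of the SQL server when deploying a new instance of SQL Server?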
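Working sample:
"name": "name",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01",
"properties": {
  "administratorLogin": "somelogin",
  "administratorLoginPassword": "somepasswordD1!"
}
Note that SA may not be allowed, because the username and password have complexity requirements.
The sa login you use on an on-premises SQL Server instance is called the admin login on Azure SQL. You can provide the admin login and its password as parameters, as shown in the following sample template: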
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "yourservernameName": {
      "type": "string",
      "defaultValue": "yourservername2"
    },
    "yourservernameAdminLogin": {
      "type": "string",
      "defaultValue": "VeryWiseAdmin",
      "minLength": 1
    },
    "yourservernameAdminLoginPassword": {
      "type": "securestring",
      "defaultValue": "ReplaceWithTheMostSecurePasswordThatEverExisted&NeverShareLikeThisWithAnyone!"
    },
    "dbnameName": {
      "type": "string",
      "defaultValue": "dbname",
      "minLength": 1
    },
    "dbnameCollation": {
      "type": "string",
      "minLength": 1,
      "defaultValue": "SQL_Latin1_General_CP1_CI_AS"
    },
    "dbnameEdition": {
      "type": "string",
      "defaultValue": "Basic"
    },
    "dbnameRequestedServiceObjectiveName": {
      "type": "string",
      "defaultValue": "Basic"
    }
  },
  "variables": {
  },
  "resources": [
    {
      "name": "[parameters('yourservernameName')]",
      "type": "Microsoft.Sql/servers",
      "location": "West Europe",
      "apiVersion": "2014-04-01-preview",
      "dependsOn": [],
      "tags": {
        "displayName": "yourservername"
      },
      "properties": {
        "administratorLogin": "[parameters('yourservernameAdminLogin')]",
        "administratorLoginPassword": "[parameters('yourservernameAdminLoginPassword')]",
        "version": "12.0"
      },
      "resources": [
        {
          "name": "[concat(parameters('yourservernameName'),'/AllowAllWindowsAzureIps')]",
          "type": "Microsoft.Sql/servers/firewallRules",
          "location": "[resourceGroup().location]",
          "apiVersion": "2014-04-01-preview",
          "dependsOn": [
            "[resourceId('Microsoft.Sql/servers', parameters('yourservernameName'))]"
          ],
          "properties": {
            "startIpAddress": "0.0.0.0",
            "endIpAddress": "0.0.0.0"
          }
        },
        {
          "name": "[concat(parameters('yourservernameName'),'/',parameters('dbnameName'))]",
          "type": "Microsoft.Sql/servers/databases",
          "location": "West Europe",
          "apiVersion": "2014-04-01-preview",
          "dependsOn": [
            "[resourceId('Microsoft.Sql/servers', parameters('yourservernameName'))]"
          ],
          "tags": {
            "displayName": "dbname"
          },
          "properties": {
            "collation": "[parameters('dbnameCollation')]",
            "edition": "[parameters('dbnameEdition')]",
            "maxSizeBytes": "1073741824",
            "requestedServiceObjectiveName": "[parameters('dbnameRequestedServiceObjectiveName')]"
          }
        }
      ]
    }
  ],
  "outputs": {
    "SomeString": {
      "type": "string",
      "value": "What ever you want to put here"
    },
    "ServerNameParam": {
      "type": "string",
      "value": "[parameters('yourservernameName')]"
    },
    "ServerResourceID": {
      "type": "string",
      "value": "[resourceId('Microsoft.Sql/servers', parameters('yourservernameName'))]"
    },
    "ServerObject": {
      "type": "object",
      "value": "[reference(parameters('yourservernameName'))]"
    },
    "SqlServerURL": {
      "type": "string",
      "value": "[reference(parameters('yourservernameName')).fullyQualifiedDomainName]"
    },
    "DbResourceID": {
      "type": "string",
      "value": "[resourceId('Microsoft.Sql/servers/databases', parameters('yourservernameName'), parameters('dbnameName'))]"
    },
    "DbObject": {
      "type": "object",
      "value": "[reference(parameters('dbnameName'))]"
    },
    "DbAdoConnString": {
      "type": "string",
      "value": "[concat('Server=tcp:',reference(parameters('yourservernameName')).fullyQualifiedDomainName,',1433;Initial Catalog=',parameters('dbnameName'),';Persist Security Info=False;User ID=',reference(parameters('yourservernameName')).administratorLogin,';Password=',reference(parameters('yourservernameName')).administratorLoginPassword,';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]"
    }
  }
}
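We wanted to create a temporary unique password per resource group without having to worry about passwords in the template or parameter files, since these are checked into git. We solved it like this:
template.json: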
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vulnerabilityAssessments_Default_storageContainerPath": {
      "type": "SecureString"
    },
    "servers_dev_name": {
      "defaultValue": "dev-app",
      "type": "String"
    }
  },
  "variables": {
    "servers_dev_password": "[concat('P', uniqueString(resourceGroup().id, '224F5A8B-51DB-46A3-A7C8-59B0DD584A41'), 'x', '!')]"
  },
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2019-06-01-preview",
      "name": "[parameters('servers_dev_name')]",
      "location": "northeurope",
      "kind": "v12.0",
      "properties": {
        "administratorLogin": "OurSaName",
        "administratorLoginPassword": "[variables('servers_dev_password')]",
        "version": "12.0",
        "publicNetworkAccess": "Enabled"
      }
    },
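To make sure we comply with the Azure SQL Database policy "Your password must contain characters from three of the following categories – English uppercase letters, English lowercase letters, numbers (0-9), and non-alphanumeric characters (!, $, #, %, etc.)", we insert a character from each category before and after the unique string.
Source:
Warning:
If you add this to your parameters.json:
"servers_dev_password": {
  "value": "[uniqueString(resourceGroup().id)]"
}
and add the parameter to template.json:
"servers_dev_password": {
  "type": "SecureString"
}
the actual password will be: [uniqueString(resourceGroup().id)].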
Note that the definition of uniqueString is:
Creates a deterministic hash string based on the values provided as parameters.
This means that if you want to create a unique password for every deployment, it has to look like this:
"parameters": {
  "newGuid": {
    "type": "string",
    "defaultValue": "[newGuid()]"
  }
},
"variables": {
  "sqlserverAdminPassword": "[concat(uniqueString(guid(resourceGroup().id, deployment().name)), parameters('newGuid'), 'Tg2%')]"
}
Your password will be updated on every deployment.
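The answers above supply administratorLoginPassword in several ways: omitted, as a literal, from a securestring parameter, derived from uniqueString, and mixed with newGuid(). The following check is an added example, not code from any of the posters; it reports which of these a template uses and also flags securestring defaults and outputs that reference the password, since parameter defaults live in the template file and output values are recorded with the deployment. The names classify, lint and SAMPLE and the finding labels are this example's own, the sample template is constructed, and only one level of variables is resolved.

```python
import json
import re

# Constructed template that combines the password patterns from the thread above.
SAMPLE = json.loads(r"""
{"parameters": {
   "adminPassword": {"type": "securestring", "defaultValue": "Constructed-Sample-1!"},
   "newGuid": {"type": "string", "defaultValue": "[newGuid()]"}},
 "variables": {
   "perGroup": "[concat('P', uniqueString(resourceGroup().id), 'x', '!')]",
   "perDeploy": "[concat(uniqueString(resourceGroup().id), parameters('newGuid'), 'Tg2%')]"},
 "resources": [
   {"type": "Microsoft.Sql/servers", "name": "a", "properties": {}},
   {"type": "Microsoft.Sql/servers", "name": "b",
    "properties": {"administratorLoginPassword": "somepasswordD1!"}},
   {"type": "Microsoft.Sql/servers", "name": "c",
    "properties": {"administratorLoginPassword": "[variables('perGroup')]"}},
   {"type": "Microsoft.Sql/servers", "name": "d",
    "properties": {"administratorLoginPassword": "[variables('perDeploy')]"}},
   {"type": "Microsoft.Sql/servers", "name": "e",
    "properties": {"administratorLoginPassword": "[parameters('adminPassword')]"}}],
 "outputs": {"conn": {"value": "[reference('e').administratorLoginPassword]"}}}
""")

def classify(value, tpl):
    """Say where a password value comes from, with variables('x') inlined first."""
    if value is None:
        return "missing"                      # the server resource sets no password
    if not (value.startswith("[") and value.endswith("]")):
        return "literal"                      # plain text stored in the template
    text = re.sub(r"variables\('([^']+)'\)", lambda m: tpl["variables"][m.group(1)], value)
    params = tpl.get("parameters", {})
    refs = [params[n] for n in re.findall(r"parameters\('([^']+)'\)", text)]
    if any("newGuid()" in str(p.get("defaultValue", "")) for p in refs):
        return "new-per-deployment"           # changes on every deployment
    if any(p["type"].lower() == "securestring" for p in refs):
        return "secure-parameter"             # supplied at deployment time
    return "deterministic" if "uniqueString(" in text else "unknown"

def lint(tpl):
    """Return (name, finding) pairs for parameters, SQL servers and outputs."""
    found = [(n, "securestring-default") for n, p in tpl.get("parameters", {}).items()
             if p["type"].lower() == "securestring" and "defaultValue" in p]
    for res in tpl.get("resources", []):
        if res["type"].lower() == "microsoft.sql/servers":
            pw = res.get("properties", {}).get("administratorLoginPassword")
            found.append((res["name"], classify(pw, tpl)))
    found += [(n, "password-in-output") for n, o in tpl.get("outputs", {}).items()
              if "administratorloginpassword" in str(o.get("value", "")).lower()]
    return found
```
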