部署 ARM 模板时出现内部服务器错误
Internal server error when deploying ARM Template
我正在部署包含以下资源的 arm 模板
Microsoft.Storage/storageAccount
Microsoft.Sql/servers
Microsoft.Sql/servers/auditPolicies
现在一切正常,直到我开始更改 auditPolicies 对象的值。以下是 InternalServerError 发生之前我采取的步骤。
- 添加了
auditState 属性 并将其值设置为 Disabled。部署成功。
- 将
auditState 属性 更改为 Enabled。部署失败。错误指出 storageAccountName 是必需的。
- 添加了
storageAccountName并将其值设置为存储帐户的名称。部署失败。错误指出 storageAccountKey.
- 添加了
storageAccountKey 并将其值设置为存储帐户 keys 对象的 key1。部署失败。内部服务器错误 - "An Error has occurred while saving Auditing settings, please try again later"。此外,这些错误会导致部署无限期 运行。虽然我不关心那方面。
以下是完整的模板。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"app-name-prefix": {
"type": "string",
"minLength": 1
},
"app-locations": {
"type": "array",
"minLength": 1
},
"app-friendly-names": {
"type": "array",
"minLength": 1
},
"db-user-admin-username": {
"type": "securestring"
},
"db-user-admin-password": {
"type": "securestring"
},
"database-audit-enabled": {
"defaultValue": "Enabled",
"allowedValues": [
"Enabled",
"Disabled"
],
"type": "string"
},
"storage-kind": {
"defaultValue": "BlobStorage",
"allowedValues": [
"StorageV2",
"BlobStorage"
],
"type": "string"
},
"storage-sku": {
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS",
"Premium_LRS"
],
"type": "string"
}
},
"variables": {
"db-service-name": "[concat(parameters('app-name-prefix'), '-database-service-')]",
"storage-name": "[concat(toLower(parameters('app-name-prefix')), 'auditstorage')]"
},
"resources": [
{
"name": "[concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()])]",
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "[parameters('storage-sku')]"
},
"kind": "[parameters('storage-kind')]",
"apiVersion": "2018-02-01",
"location": "[parameters('app-locations')[copyIndex()]]",
"copy": {
"count": "[length(parameters('app-locations'))]",
"name": "storageCopy"
},
"properties": {
"supportsHttpsTrafficOnly": true,
"accessTier": "Hot",
"encryption": {
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
},
{
"type": "Microsoft.Sql/servers",
"name": "[concat(variables('db-service-name'), parameters('app-friendly-names')[copyIndex()])]",
"apiVersion": "2014-04-01",
"location": "[parameters('app-locations')[copyIndex()]]",
"copy": {
"name": "databaseServiceCopy",
"count": "[length(parameters('app-locations'))]"
},
"properties": {
"administratorLogin": "[parameters('db-user-admin-username')]",
"administratorLoginPassword": "[parameters('db-user-admin-password')]",
"version": "12.0"
},
"resources": [
{
"type": "auditingPolicies",
"name": "Default",
"apiVersion": "2014-04-01",
"location": "[parameters('app-locations')[copyIndex()]]",
"properties": {
"auditingState": "[parameters('database-audit-enabled')]",
"storageAccountName": "[concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()])]",
"storageAccountKey": "[listKeys(concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()]), '2018-02-01').keys[0].value]"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', concat(variables('db-service-name'), parameters('app-friendly-names')[copyIndex()]))]",
"storageCopy"
]
}
]
}
]
}
我遗漏了什么有助于解决这个问题?我需要做什么来阻止这个内部服务器错误?
我已经按照@Pete 的要求添加了完整的模板
联系 Azure 支持后我找到了答案。
资源类型:Microsoft.Sql/servers/auditingPolicies 不再受支持,在接下来的几周内,Azure 资源管理器将不再完全支持它。
此资源类型直接引用 table 审计,据报道,blob 审计已弃用。虽然此时的文档没有直接报告它。所有者将在此 post 之后的几天内更新文档。
要启用审核,您需要使用 Microsoft.Sql/servers/auditingSettings 对象。有关此的文档即将发布,在此之前,您将被引导至此资源类型的数据库版本的文档 Microsoft.Sql/servers/databases/auditingSettings。
审核设置的工作方式与 Auto-Tuning Advisor 非常相似。您可以设置服务器或数据库级别设置。如果没有直接配置数据库,服务器设置将被数据库继承。
这是我使用的 auditingSettings 对象的示例,而不是上面的 auditingPolicies 对象。它的嵌套是一样的。
{
"apiVersion": "2017-03-01-preview",
"type": "auditingSettings",
"name": "DefaultAuditingSettings",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', concat(variables('db-service-name'), parameters('app-friendly-names')[copyIndex()]))]",
"storageCopy"
],
"properties": {
"state": "Enabled",
"storageEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts', '/', variables('storage-name'), parameters('app-friendly-names')[copyIndex()]), '2018-02-01').primaryEndpoints.blob]",
"storageAccountAccessKey": "[listKeys(concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()]), '2018-02-01').keys[0].value]",
"storageAccountSubscriptionId": "[subscription().subscriptionId]",
"isStorageSecondaryKeyInUse": false,
"retentionDays": "30"
}
}
我正在部署包含以下资源的 arm 模板
Microsoft.Storage/storageAccount
Microsoft.Sql/servers
Microsoft.Sql/servers/auditPolicies
现在一切正常,直到我开始更改 auditPolicies 对象的值。以下是 InternalServerError 发生之前我采取的步骤。
- 添加了
auditState属性 并将其值设置为Disabled。部署成功。 - 将
auditState属性 更改为Enabled。部署失败。错误指出storageAccountName是必需的。 - 添加了
storageAccountName并将其值设置为存储帐户的名称。部署失败。错误指出storageAccountKey. - 添加了
storageAccountKey并将其值设置为存储帐户keys对象的key1。部署失败。内部服务器错误 - "An Error has occurred while saving Auditing settings, please try again later"。此外,这些错误会导致部署无限期 运行。虽然我不关心那方面。
以下是完整的模板。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"app-name-prefix": {
"type": "string",
"minLength": 1
},
"app-locations": {
"type": "array",
"minLength": 1
},
"app-friendly-names": {
"type": "array",
"minLength": 1
},
"db-user-admin-username": {
"type": "securestring"
},
"db-user-admin-password": {
"type": "securestring"
},
"database-audit-enabled": {
"defaultValue": "Enabled",
"allowedValues": [
"Enabled",
"Disabled"
],
"type": "string"
},
"storage-kind": {
"defaultValue": "BlobStorage",
"allowedValues": [
"StorageV2",
"BlobStorage"
],
"type": "string"
},
"storage-sku": {
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_ZRS",
"Standard_GRS",
"Standard_RAGRS",
"Premium_LRS"
],
"type": "string"
}
},
"variables": {
"db-service-name": "[concat(parameters('app-name-prefix'), '-database-service-')]",
"storage-name": "[concat(toLower(parameters('app-name-prefix')), 'auditstorage')]"
},
"resources": [
{
"name": "[concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()])]",
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "[parameters('storage-sku')]"
},
"kind": "[parameters('storage-kind')]",
"apiVersion": "2018-02-01",
"location": "[parameters('app-locations')[copyIndex()]]",
"copy": {
"count": "[length(parameters('app-locations'))]",
"name": "storageCopy"
},
"properties": {
"supportsHttpsTrafficOnly": true,
"accessTier": "Hot",
"encryption": {
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
},
{
"type": "Microsoft.Sql/servers",
"name": "[concat(variables('db-service-name'), parameters('app-friendly-names')[copyIndex()])]",
"apiVersion": "2014-04-01",
"location": "[parameters('app-locations')[copyIndex()]]",
"copy": {
"name": "databaseServiceCopy",
"count": "[length(parameters('app-locations'))]"
},
"properties": {
"administratorLogin": "[parameters('db-user-admin-username')]",
"administratorLoginPassword": "[parameters('db-user-admin-password')]",
"version": "12.0"
},
"resources": [
{
"type": "auditingPolicies",
"name": "Default",
"apiVersion": "2014-04-01",
"location": "[parameters('app-locations')[copyIndex()]]",
"properties": {
"auditingState": "[parameters('database-audit-enabled')]",
"storageAccountName": "[concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()])]",
"storageAccountKey": "[listKeys(concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()]), '2018-02-01').keys[0].value]"
},
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', concat(variables('db-service-name'), parameters('app-friendly-names')[copyIndex()]))]",
"storageCopy"
]
}
]
}
]
}
我遗漏了什么有助于解决这个问题?我需要做什么来阻止这个内部服务器错误?
我已经按照@Pete 的要求添加了完整的模板
联系 Azure 支持后我找到了答案。
资源类型:Microsoft.Sql/servers/auditingPolicies 不再受支持,在接下来的几周内,Azure 资源管理器将不再完全支持它。
此资源类型直接引用 table 审计,据报道,blob 审计已弃用。虽然此时的文档没有直接报告它。所有者将在此 post 之后的几天内更新文档。
要启用审核,您需要使用 Microsoft.Sql/servers/auditingSettings 对象。有关此的文档即将发布,在此之前,您将被引导至此资源类型的数据库版本的文档 Microsoft.Sql/servers/databases/auditingSettings。
审核设置的工作方式与 Auto-Tuning Advisor 非常相似。您可以设置服务器或数据库级别设置。如果没有直接配置数据库,服务器设置将被数据库继承。
这是我使用的 auditingSettings 对象的示例,而不是上面的 auditingPolicies 对象。它的嵌套是一样的。
{
"apiVersion": "2017-03-01-preview",
"type": "auditingSettings",
"name": "DefaultAuditingSettings",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', concat(variables('db-service-name'), parameters('app-friendly-names')[copyIndex()]))]",
"storageCopy"
],
"properties": {
"state": "Enabled",
"storageEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts', '/', variables('storage-name'), parameters('app-friendly-names')[copyIndex()]), '2018-02-01').primaryEndpoints.blob]",
"storageAccountAccessKey": "[listKeys(concat(variables('storage-name'), parameters('app-friendly-names')[copyIndex()]), '2018-02-01').keys[0].value]",
"storageAccountSubscriptionId": "[subscription().subscriptionId]",
"isStorageSecondaryKeyInUse": false,
"retentionDays": "30"
}
}