Azure ARM template enabling Linux Diagnostic Extension with automatically generated SAS token

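I'm trying to deploy an ARM template with a new VM and set up the Linux Diagnostic Extension (LAD) without creating a new storage account, using an existing account instead. I found this article, https://samcogan.com/generate-sas-tokens-in-arm-teamplates/, which says "listAccountSas" can be used, and I have set this in "ProtectedSettings":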

"storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"

"resources": [
{vm creation bla bla},

   {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
      "location": "[parameters('vmLocation')]",
      "dependsOn": [ 
          "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"     
         ],
      "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",      
      "properties": {
          "publisher": "Microsoft.Azure.Diagnostics",
          "type": "LinuxDiagnostic",
          "autoUpgradeMinorVersion": true,
          "typeHandlerVersion": "3.0", 

          "protectedSettings": {
            "storageAccountName": "[parameters('existingStorageName')]",
            "storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]",  

            "storageAccountEndPoint": "https://core.windows.net/",
            "sinksConfig": {
              "sink": [
                {
                  "name": "WADMetricJsonBlob",
                  "type": "JsonBlob"
                }
              ]
            }  

            },

          "settings": {
          "StorageAccount": "[parameters('existingStorageName')]",
          "ladCfg": {
              "diagnosticMonitorConfiguration": {
                  "eventVolume": "Medium", 
                  "metrics": {
                    "metricAggregation": [
                      {
                        "scheduledTransferPeriod": "PT1H"
                      }, 
                      {
                        "scheduledTransferPeriod": "PT1M"
                      }
                    ], 
                    "resourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
                  }, 

                  "performanceCounters": {
                    "sinks": "WADMetricJsonBlob",
                    "performanceCounterConfiguration": [                                
                      {
                        "annotation": [
                          {
                            "displayName": "Memory percentage", 
                            "locale": "en-us"
                          }
                        ], 
                        "class": "memory", 
                        "counter": "percentusedmemory", 
                        "counterSpecifier": "/builtin/memory/percentusedmemory", 
                        "type": "builtin", 
                        "unit": "Percent"
                      }

                    ]
                  }, 
                  "syslogEvents": {}
                }, 
                "sampleRateInSeconds": 15
              }
            }                  
          }

      },

When I try to deploy the template, I get an error during validation:

"InvalidTemplate","message":"Deployment template validation failed: 'The template reference 'myExistingStorageAccount' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'."}

According to MS:

The reference function and list* functions don't create an implicit dependency when the resource is referred to by its resource ID. To create an implicit dependency, pass the name of the resource that is deployed in the same template.

However, I tried to "create" the SAS token with a nested template, setting sasToken.Id in the outputs, and later call the diagnostic extension from my main template with:

{
    "apiVersion": "2017-08-01",
    "name": "SasTokenNestedTemplate",
    "type": "Microsoft.Resources/deployments",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "mode" : "Incremental",
        "template": {
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {},
        "variables": {},
        "resources": [
            {
                "apiVersion" : "2018-03-01",
                "type":  "Microsoft.Resources/deployments",
                "name": "NestedSasTokenCreation",
                "properties": {
                    "sasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
                    }
                }
                ],
                "outputs": {
                    "sasToken": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Resources/deployments', parameters('sasToken'))]"
                    }
                  }
            }
        }
    },


   {
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
    "location": "[parameters('vmLocation')]",
    "dependsOn": [ 
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"      
     ],
    "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",      
    "properties": {
        "publisher": "Microsoft.Azure.Diagnostics",
        "type": "LinuxDiagnostic",
        "autoUpgradeMinorVersion": true,
        "typeHandlerVersion": "3.0", 

        "protectedSettings": {
          "storageAccountName": "[parameters('existingStorageName')]",
          "storageAccountSasToken": { "value": "[reference('SasTokenNestedTemplate', '2017-08-01').outputs.sasToken.value]" }, 

          "storageAccountEndPoint": "https://core.windows.net/",
          "sinksConfig": {
            "sink": [
              {
                "name": "WADMetricJsonBlob",
                "type": "JsonBlob"
              }
            ]
          }  

But I still get the same error as above. Thanks in advance for your help!

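You need to give it the resource ID of the storage account, because it is not part of the template and it cannot work that out by itself.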

listAccountSas(resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName')), '2018-07-01', variables('accountSasProperties')).accountSasToken
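
The answer's fix in context, as an added example that is not part of the original answer: the `accountSasProperties` variable that the question references but never shows, scoped to what the LAD 3.0 documentation asks of the token (Blob and Table services, container and object resource types, add/create/list/update/write), together with the corrected `protectedSettings`. The `signedExpiry` value is a constructed placeholder, and the parameters, the VM resource and the extension's `settings` block are assumed to be as in the question.

```json
{
  "variables": {
    "accountSasProperties": {
      "signedServices": "bt",
      "signedResourceTypes": "co",
      "signedPermission": "acluw",
      "signedProtocol": "https",
      "signedExpiry": "2030-01-01T00:00:00Z"
    }
  },
  "resources": [
    {
      "comments": "Added example. signedExpiry above is a constructed placeholder; the settings block is unchanged from the question and omitted here.",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
      "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
      "location": "[parameters('vmLocation')]",
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
      ],
      "properties": {
        "publisher": "Microsoft.Azure.Diagnostics",
        "type": "LinuxDiagnostic",
        "typeHandlerVersion": "3.0",
        "autoUpgradeMinorVersion": true,
        "protectedSettings": {
          "storageAccountName": "[parameters('existingStorageName')]",
          "storageAccountSasToken": "[listAccountSas(resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName')), '2018-07-01', variables('accountSasProperties')).accountSasToken]",
          "storageAccountEndPoint": "https://core.windows.net/",
          "sinksConfig": {
            "sink": [
              {
                "name": "WADMetricJsonBlob",
                "type": "JsonBlob"
              }
            ]
          }
        }
      }
    }
  ]
}
```

The token is generated once at deployment time, so LAD stops uploading when `signedExpiry` passes until the template is redeployed. If the storage account lives in a different resource group, pass that group's name as the first argument to `resourceId`.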