Error: "Make sure to create your workspace using a client which support MSI" when deploying Azure ARM template for Machine Learning Services Workpsace

Question

我目前正在尝试使用 ARM 模板和 运行ning 通过 Terraform 编写我们的 Azure 机器学习基础架构的脚本。为了确保模板有效，我首先 运行 使用 Az CLI 从文件中编译它。

我在 Ubuntu 上 运行 使用以下版本的 Az CLI：-

azure-cli                         2.0.78

command-modules-nspkg              2.0.3
core                              2.0.78
nspkg                              3.0.4
telemetry                          1.0.4

Python location '/opt/az/bin/python3'
Extensions directory '/home/blah/.azure/cliextensions'

Python (Linux) 3.6.5 (default, Dec 12 2019, 11:11:33) 
[GCC 8.3.0]

我已经使用 terraform 创建了存储帐户、App Insights 和 Key Vault。

尝试使用 Az CLI 和命令 运行 模板时：-

az group deployment create --name MachineLearning --resource-group data-science --template-file ML_ARM.json --parameters appInsightsName=machine-learning-dev storageAccountName=machinelearningdev keyVaultName=data-science-dev mlApiVersion=2018-11-19 mlWorkspaceName=machine-learning-dev location=uksouth

我收到以下错误：-

Make sure to create your workspace using a client which support MSI

ARM模板如下：-

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "storageAccountName": {
            "type": "string",
            "metadata": {
                "description": "The name of the storage account"
            }
        },
        "appInsightsName" : {
            "type": "string",
            "metadata": {
                "description": "The name of the app insights account"
            }
        },
        "keyVaultName": {
            "type": "string",
            "metadata": {
                "description": "The name of the keyvault resource"
            }
        },
        "mlApiVersion": {
            "type": "string",
            "metadata": {
                "description": "The api version of the ML workspace"
            }
        },
        "mlWorkspaceName": {
            "type": "string",
            "metadata": {
                "description": "The name of the Machine Learning Workspace"
            }
        },
        "location": {
            "type": "string",
            "metadata": {
                "description": "Resource location"
            }
        }
    },
  "resources": [
        {
            "apiVersion": "[parameters('mlApiVersion')]",
            "type": "Microsoft.MachineLearningServices/workspaces",
            "name": "[parameters('mlWorkspaceName')]",
            "location": "[parameters('location')]",
            "sku": {
              "tier": "enterprise",
              "name": "enterprise"
            },
            "properties": {
                "storageAccount": "[resourceId('Microsoft.Storage/storageAccounts',parameters('storageAccountName'))]",
                "applicationInsights": "[resourceId('Microsoft.Insights/components',parameters('appInsightsName'))]",
                "keyVault": "[resourceId('Microsoft.KeyVault/vaults',parameters('keyVaultName'))]"
            }
        }
    ]
}

一些基本的谷歌搜索并没有真正说明这可能是什么问题；机器学习服务的文档和指南模板链接如下：-

https://docs.microsoft.com/en-us/azure/machine-learning/service/how-to-create-workspace-template https://docs.microsoft.com/en-us/azure/templates/microsoft.machinelearningservices/2019-11-01/workspaces

知道问题出在哪里吗？在此先感谢您的指点！

Answer 1

我不熟悉 Terraform 或 ML Services 的强大功能；但是，您提供的错误本身需要配置 MSI 身份验证，这是在您提供的 link 中配置的。

尝试更新您的 ARM 以包括像这样的标识部分：

   ...  },
"identity": {
        "type": "systemAssigned"
      },
                "properties": {
                    "storageAccount": "[resourceId('Microsoft.Storage/storageAccounts',parameters('storageAccountName'))]",
                    "applicationInsights": "[resourceId('Microsoft.Insights/components',parameters('appInsightsName'))]",
                    "keyVault": "[resourceId('Microsoft.KeyVault/vaults',parameters('keyVaultName'))]"
                }

这将创建 Managed Service Identity。