DSC ConfigurationData parameter in Azure ARM template deployment

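I'm deploying a resource group with the Azure REST API and supplying an ARM template. In the virtual machine resource I have an extension of type DSC. The snippet looks like this: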

{
  "resources": [
    {
      "name": "[concat(variables('VMName'),'/SetupScript')]",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "location": "[parameters('DNSLocation')]",
      "apiVersion": "2015-05-01-preview",
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]"
      ],
      "tags": {
        "displayName": "SetupScript"
      },
      "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "1.7",
        "settings": {
          "modulesUrl": "[variables('SetupScriptConfigurationFile')]",
          "sasToken": "",
          "configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
          "properties": {
            "DomainName": "[parameters('DomainName')]",
            "DomainAdminUsername": "[parameters('VMAdminUsername')]",
            "DomainAdminPassword": "[parameters('VMAdminPassword')]"
          }
        },
        "protectedSettings": {

        }
      }
    }
  ]
}

The DSC configuration being called looks like this:

Configuration DNSConfig
{ 
    param
    ( 
        [string]$NodeName ='localhost',  
        [Parameter(Mandatory=$true)][string]$DomainName,
        [Parameter(Mandatory=$true)][string]$DomainAdminUsername,
        [Parameter(Mandatory=$true)][string]$DomainAdminPassword
    ) 

    #Import the required DSC Resources  
    Import-DscResource -Module xComputerManagement 
    Import-DscResource -Module xActiveDirectory

    $securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force;
    $DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword);

    Node $NodeName
    { #ConfigurationBlock

        WindowsFeature DSCService {
            Name = "DSC-Service"
            Ensure = "Present"
            IncludeAllSubFeature = $true
        }

        WindowsFeature ADDSInstall 
        {   
            Ensure = 'Present'
            Name = 'AD-Domain-Services'
            IncludeAllSubFeature = $true
        }

        WindowsFeature RSATTools 
        { 
            DependsOn= '[WindowsFeature]ADDSInstall'
            Ensure = 'Present'
            Name = 'RSAT-AD-Tools'
            IncludeAllSubFeature = $true
        }  

        xADDomain SetupDomain {
            DomainName= $DomainName
            DomainAdministratorCredential= $DomainAdminCred
            SafemodeAdministratorPassword= $DomainAdminCred
            DependsOn='[WindowsFeature]RSATTools'
        }
    #End Configuration Block    
    } 
}

When I run the DSC script locally, to successfully generate the MOF file for this DSC script I need to pass a hashtable for ConfigurationData like this:

$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = '*'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ...

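My question now is that I want to pass this kind of ConfigurationData through the ARM template I showed first. Is that possible? If not, how should I set the ConfigurationData for the DSC script executed by the VM Extension?

Thanks!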

To pass your configuration data to the DSC extension, you need to save it to a *.psd1 file, for example:

    C:\ PS> Get-Content C:\ConfigurationData.psd1
    @{
        AllNodes = @(
            @{
                NodeName                    = '*'
                PSDscAllowPlainTextPassword = $true
            }
        )
    }

Then upload this file to a location accessible to your VM and pass the URI in the template's protected settings:

    "protectedSettings": {
        "DataBlobUri": "https://.../ConfigurationData.psd1"
    }

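Two pieces of advice unrelated to your original question:

  • Version 1.7 of the DSC extension may produce intermittent errors during some ARM deployments. I recommend taking a look at Version 2.0.

  • You may want to encrypt the password instead of using PSDscAllowPlainTextPassword. The DSC extension uses an encryption certificate that Azure has already deployed to the VM, so setting up encryption is very simple. More information here.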

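This has changed with newer versions; see documentation.

In short, the psd1 must now be at the same level as the rest of the configuration elements, with the SAS token under the protected settings section.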

"settings": {
  "configurationData": {
    "url": "https://foo.psd1"
  } 
},
"protectedSettings": {
  "configurationDataUrlSasToken": "?dataAcC355T0k3N"
}
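A check that ties together the encryption advice in the first answer and the settings/protectedSettings split in the last one, added here as an example (not code from the question or from either answer): it flags secret-like values left in a DSC extension's public `settings`, which Azure does not encrypt, unlike `protectedSettings`. The name pattern, the `DomainAdminCred` argument name and the URLs are assumptions; both samples are constructed, the first trimmed from the question's template.

```python
import re

# Assumption: leaf names that suggest a secret; extend for your own templates.
SECRET_NAME = re.compile(r"password|passwd|secret|token", re.IGNORECASE)

def leaves(node, path):
    """Yield (dotted_path, value) for every leaf below a settings object."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, f"{path}.{key}")
    else:
        yield path, node

def audit_dsc_extension(resource):
    """Return paths of secret-like values in the public settings of a DSC extension."""
    props = resource.get("properties", {})
    kind = (props.get("publisher", "").lower(), props.get("type", "").lower())
    if kind != ("microsoft.powershell", "dsc"):
        return []
    findings = []
    for path, value in leaves(props.get("settings", {}), "settings"):
        name = path.rsplit(".", 1)[-1]
        is_ref = isinstance(value, str) and value.startswith("PrivateSettingsRef:")
        # Empty placeholders and PrivateSettingsRef pointers carry no secret themselves.
        if SECRET_NAME.search(name) and value not in ("", None) and not is_ref:
            findings.append(path)
    return findings

# Constructed sample 1: the extension from the question (relevant keys only).
QUESTION_EXT = {"properties": {
    "publisher": "Microsoft.Powershell", "type": "DSC",
    "settings": {
        "sasToken": "",
        "properties": {
            "DomainName": "[parameters('DomainName')]",
            "DomainAdminUsername": "[parameters('VMAdminUsername')]",
            "DomainAdminPassword": "[parameters('VMAdminPassword')]"}},
    "protectedSettings": {}}}

# Constructed sample 2: newer layout, credential and SAS token in protectedSettings.
HARDENED_EXT = {"properties": {
    "publisher": "Microsoft.Powershell", "type": "DSC",
    "settings": {
        "configurationData": {"url": "https://example.invalid/ConfigurationData.psd1"}},
    "protectedSettings": {
        "configurationDataUrlSasToken": "?placeholder",
        "configurationArguments": {"DomainAdminCred": {  # hypothetical PSCredential parameter
            "userName": "[parameters('VMAdminUsername')]",
            "password": "[parameters('VMAdminPassword')]"}}}}}
```

For the second layout to work, the configuration has to accept a `[PSCredential]` parameter instead of separate username and password strings.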