Bicep:无法将存储帐户设置为 Web 应用程序资源

Bicep: unable to set storage account to web app resource

我有一些使用 Azure CLI、Az 模块和 ARM 模板的经验……不过,我在尝试为 Web 应用程序配置存储帐户时遇到了问题。

这是 bicep 来源(仍在进行中):

// Deployment stage. Restricted to the four values below and used as the suffix of
// every generated resource name.
@allowed([
  'dev'
  'qta'
  'ppd'
  'prd'
])
param targetEnv string = 'dev'
// Region for the storage account and Application Insights. Each allowed value needs a
// matching key in locationMap, because locationAcr is looked up by this parameter.
@allowed([
  'southafricanorth'
  'southafricawest'
  'northeurope'
  'westeurope'
  'australiaeast'
  'australiasoutheast'
  'australiacentral'
  'australiacentral2'
  'eastasia'
  'southeastasia'
  'brazilsouth'
  'brazilsoutheast'
  'centralus'
  'eastus'
  'eastus2'
  'westus'
  'westus2'
  'westus3'
  'northcentralus'
  'southcentralus'
])
param location string = 'westeurope'
// Name and resource group of the App Service plan the web app is placed on.
// The plan is not declared in this template — presumably it already exists; verify before deploying.
param planName string = 'testplan1'
param planGroup string = 'rgdoftempdev'

// Maps each allowed region to a two-letter geography code used inside resource names.
// Keys mirror the @allowed list on the `location` parameter; keep the two in sync.
var locationMap = {
  'southafricanorth':   'af'
  'southafricawest':    'af'
  'northeurope':        'eu'
  'westeurope':         'eu'
  'australiaeast':      'pc'
  'australiasoutheast': 'pc'
  'australiacentral':   'pc'
  'australiacentral2':  'pc'
  'eastasia':           'as'
  'southeastasia':      'as'
  'brazilsouth':        'sa'
  'brazilsoutheast':    'sa'
  'centralus':          'us'
  'eastus':             'us'
  'eastus2':            'us'
  'westus':             'us'
  'westus2':            'us'
  'westus3':            'us'
  'northcentralus':     'us'
  'southcentralus':     'us'
}
// Geography code for the selected region (e.g. 'eu' for the default 'westeurope').
var locationAcr = locationMap[location]

// Disabled: a 4-character suffix derived from the subscription ID. None of the names below use it.
// var hash = substring(uniqueString(subscription().subscriptionId), 0, 4)
// Fixed application prefix shared by all generated names.
var appName = 'bvdof'
var insightsName = '${appName}-appinsights-${locationAcr}-${targetEnv}'
// No separators here: storage account names accept only lowercase letters and digits.
// With the defaults this yields 'bvdofsaeudev'. The name must be globally unique and
// carries no unique suffix, so a collision with another tenant's account is possible.
var storageName =  '${appName}sa${locationAcr}${targetEnv}'
// Also reused as the content share name (WEBSITE_CONTENTSHARE) in the web app settings.
var webAppName = '${appName}-webapp-${locationAcr}-${targetEnv}'

// Storage account whose key is later placed in the web app's content-share connection string.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageName
  location: location
  // NOTE(review): kind 'StorageV2' combined with sku 'Premium_LRS' is the combination the
  // answer on this page identifies as the cause of the failure: the account gets no file
  // service, so '<account>.file.core.windows.net' cannot be resolved.
  kind: 'StorageV2'
  sku: {
    name: 'Premium_LRS'
  }
  properties: {
    // Clients must negotiate TLS 1.2 or newer.
    minimumTlsVersion: 'TLS1_2'
    // NOTE(review): permits containers to be configured for anonymous read access.
    // Nothing in this template uses public blobs; `false` is the safer default — confirm.
    allowBlobPublicAccess: true
    networkAcls: {
      bypass: 'AzureServices'
      // NOTE(review): 'Allow' accepts traffic from every network, so the account is
      // protected by its keys alone. Consider 'Deny' plus explicit network rules.
      defaultAction: 'Allow'
    }
    // Rejects plain-HTTP requests.
    supportsHttpsTrafficOnly: true
    // Encryption at rest with Microsoft-managed keys for the blob and file services.
    encryption: {
      keySource: 'Microsoft.Storage'
      services: {
        blob: {
          keyType: 'Account'
          enabled: true
        }
        file: {
          keyType: 'Account'
          enabled: true
        }
      }
    }
    accessTier: 'Hot'
  }
}

// Application Insights component; its instrumentation key is read by the web app settings.
resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
  name: insightsName
  location: location
  kind: 'web'
  properties: {
    Application_Type: 'web'
    // Telemetry ingestion and querying are both reachable from public networks.
    // NOTE(review): confirm this is intended for the non-dev environments.
    publicNetworkAccessForIngestion: 'Enabled'
    publicNetworkAccessForQuery: 'Enabled'
  }
}

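// Web app placed on the App Service plan `planName` in resource group `planGroup`,
// wired to Application Insights and to the storage account's file share for site content.
resource webApplication 'Microsoft.Web/sites@2021-02-01' = {
  // Explicit ordering; the references to appInsights and storageAccount below already imply it.
  dependsOn: [
    appInsights
    storageAccount
  ]
  name: webAppName
  // NOTE(review): uses the resource group's location while the other resources use the
  // `location` parameter — confirm the two are meant to be allowed to differ.
  location: resourceGroup().location
  kind: 'app'
  properties: {
    httpsOnly: true
    // resourceId() builds the full plan ID in the current subscription. subscription().id
    // already begins with '/subscriptions/', so prefixing it with that literal would
    // duplicate the segment and produce an invalid ID.
    serverFarmId: resourceId(planGroup, 'Microsoft.Web/serverfarms', planName)
    clientAffinityEnabled: true
    siteConfig: {
      appSettings: [
        {
          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
          value: appInsights.properties.InstrumentationKey
        }
        // {
        //   name: 'AzureWebJobsDashboard'
        //   value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value}'
        // }
        // {
        //   name: 'AzureWebJobsStorage'
        //   value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value}'
        // }
        // The first account key is embedded at deployment time. It is then readable by any
        // principal allowed to list this site's app settings, and rotating that key breaks
        // the setting until the template is redeployed.
        // NOTE(review): consider a Key Vault reference instead of the raw key, where supported.
        {
          name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageName};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value}'
        }
        // File share used for site content; requires the account to expose the file service.
        {
          name: 'WEBSITE_CONTENTSHARE'
          value: webAppName
        }
        {
          name: 'ANCM_ADDITIONAL_ERROR_PAGE_LINK'
          value: 'https://${webAppName}.scm.azurewebsites.net/detectors?type=tools&name=eventviewer'
        }
        {
          name: 'APPINSIGHTS_PROFILERFEATURE_VERSION'
          value: '1.0.0'
        }
        {
          name: 'APPINSIGHTS_SNAPSHOTFEATURE_VERSION'
          value: '1.0.0'
        }
        // Ingestion endpoint host is derived from the `location` parameter.
        {
          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
          value: 'InstrumentationKey=${appInsights.properties.InstrumentationKey};IngestionEndpoint=https://${location}.in.applicationinsights.azure.com/'
        }
      ]
    }
  }
}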

这是我在部署部分失败(创建存储和应用洞察)后收到的错误:

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n  \"Code\": \"BadRequest\",\r\n  \"Message\": \"There was a conflict. The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\",\r\n  \"Target\": null,\r\n  \"Details\": [\r\n    {\r\n      \"Message\": \"There was a conflict. The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\"\r\n    },\r\n    {\r\n      \"Code\": \"BadRequest\"\r\n    },\r\n    {\r\n      \"ErrorEntity\": {\r\n        \"ExtendedCode\": \"01020\",\r\n   
     \"MessageTemplate\": \"There was a conflict. {0}\",\r\n        \"Parameters\": [\r\n          \"The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\"\r\n        ],\r\n        \"Code\": \"BadRequest\",\r\n        \"Message\": \"There was a conflict. The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\"\r\n      }\r\n    }\r\n  ],\r\n  \"Innererror\": null\r\n}"}]}}

这个定义有什么问题?

我测试了您的代码并遇到了与您在下面看到的相同的错误:

代码中的问题在于您使用了 Premium_LRS SKU,而种类是 StorageV2。这样创建的存储帐户只有 Blob 服务,没有文件服务,因此应用无法解析存储帐户文件服务的远程名称。

可以有以下两种解法:

  1. 只需将存储帐户资源中的 Sku 名称从 Premium_LRS 更改为 Standard_LRS,如下所示:
// Option 1 from the answer: keep kind 'StorageV2' and switch the sku to Standard_LRS.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageName
  location: location
  kind: 'StorageV2'
  sku: {
    // Changed from 'Premium_LRS'; this is the only difference from the question's definition.
    name: 'Standard_LRS'
  }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    // NOTE(review): carried over unchanged — permits anonymous-read containers.
    // `false` is the safer default unless public blobs are required.
    allowBlobPublicAccess: true
    networkAcls: {
      bypass: 'AzureServices'
      // NOTE(review): carried over unchanged — the account accepts traffic from every network.
      defaultAction: 'Allow'
    }
    supportsHttpsTrafficOnly: true
    encryption: {
      keySource: 'Microsoft.Storage'
      services: {
        blob: {
          keyType: 'Account'
          enabled: true
        }
        file: {
          keyType: 'Account'
          enabled: true
        }
      }
    }
    accessTier: 'Hot'
  }
}

输出:

  2. 如果您想继续使用 Premium_LRS,请将种类从 StorageV2 更改为 FileStorage(如下所示),这样会创建一个提供文件服务而不是 Blob 服务的高级存储帐户:
// Option 2 from the answer: keep Premium_LRS and switch the kind to FileStorage.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageName
  location: location
  // Changed from 'StorageV2'; per the answer this yields a premium account with the
  // file service that the web app's content-share settings depend on.
  kind: 'FileStorage'
  sku: {
    name: 'Premium_LRS'
  }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    // NOTE(review): carried over unchanged. The answer describes this account as having no
    // Blob service, so the flag likely serves no purpose here; `false` is the safer value — confirm.
    allowBlobPublicAccess: true
    networkAcls: {
      bypass: 'AzureServices'
      // NOTE(review): carried over unchanged — the account accepts traffic from every network.
      defaultAction: 'Allow'
    }
    supportsHttpsTrafficOnly: true
    encryption: {
      keySource: 'Microsoft.Storage'
      services: {
        blob: {
          keyType: 'Account'
          enabled: true
        }
        file: {
          keyType: 'Account'
          enabled: true
        }
      }
    }
    accessTier: 'Hot'
  }
}

输出: