ARM 模板 - 部署链接服务时错误的请求失败

ARM template - bad request failed when deploying a linked service

我正在尝试通过 ARM 模板部署突触实例,并且通过 Azure DevOps 门户部署成功,但是当我尝试使用 Azure Keyvault 链接服务部署相同模板时,我遇到以下错误:

##[error]At least one resource deployment operation failed. Please list deployment 
operations for details. Please see https://aka.ms/DeployOperations for usage details. 
##[error]Details: 
##[error]BadRequest: 

检查来自 Synapse 实例的 activity 日志后,我发现了以下内容:

"resourceGroupName": "platform-test-group",
"resourceProviderName": {
    "value": "Microsoft.Synapse",
    "localizedValue": "Microsoft.Synapse"
},
"resourceType": {
    "value": "Microsoft.Synapse/workspaces/linkedservices",
    "localizedValue": "Microsoft.Synapse/workspaces/linkedservices"
},
"resourceId": "/subscriptions/xxxx-xxxx-xxxx-xxxx/resourcegroups/platform-test-group/providers/Microsoft.Synapse/workspaces/synapsedataapp/linkedservices/AzureKeyVault",
"status": {
    "value": "Failed",
    "localizedValue": "Failed"
},
"subStatus": {
    "value": "NotFound",
    "localizedValue": "Not Found (HTTP Status Code: 404)"
},
"submissionTimestamp": "2022-02-01T02:30:31.1471914Z",
"subscriptionId": "xxxx-xxxx-xxxx-xxxx",
"tenantId": "0f44c5d4-xxxx-xxxx-xxxxx",
"properties": {
    "statusCode": "NotFound",
    "serviceRequestId": null,
    "statusMessage": "{\"error\":{\"code\":\"BadRequest\",\"message\":\"\"}}",
    "eventCategory": "Administrative",
    "entity": "/subscriptions/xxxx-xxxx-xxxx-xxxx/resourcegroups/platform-test-group/providers/Microsoft.Synapse/workspaces/synapsedataapp/linkedservices/AzureKeyVault",
    "message": "Microsoft.Synapse/workspaces/linkedservices/write",
    "hierarchy": "xxxx-xxxx-xxxx-xxxx/Enterprise/Group/Group-Test/xxxx-xxxx-xxxx-xxxx"
},
"relatedEvents": []

}

如您所见,当模板尝试部署到未找到的 tenant id 时出现 404 错误,但是,当我通过突触 UI 部署密钥库时,我遇到了 no错误。

下面是我在 ARM 模板中用于将密钥库部署到突触实例的代码片段:

   {
      "name": "[concat(variables('workspaceName'), '/AzureKeyVault')]",
      "type": "Microsoft.Synapse/workspaces/linkedservices",
      "apiVersion": "2021-06-01-preview",
      "properties": {
          "annotations": [],
          "type": "AzureKeyVault",
          "typeProperties": {
              "baseUrl": "https://data-test-kv.vault.azure.net/"
          }
      },
      "dependsOn": [
        "[variables('workspaceName')]"
      ]
    }

我是否缺少某种需要启用的权限或连接?为什么我可以通过 UI 部署成功,但不能通过 ARM 模板部署?任何评论或建议都非常重要,所以请随时评论或改进此问题。

我不得不联系 Microsoft 支持,他们的回复如下:

ARM templates cannot be used to create a linked service. This is due to the fact that linked services are not ARM resources, for examples, synapse workspaces, storage account, virtual networks, etc. Instead, a linked service is classified as an artifact. To still complete the task at hand, you will need to use the Synapse REST API or PowerShell. Below is the link that provides guidance on how to use the API. https://docs.microsoft.com/en-us/powershell/module/az.synapse/set-azsynapselinkedservice?view=azps-7.1.0

ARM 中的此限制仅适用于 Synapse,他们可能会在未来修复此问题。

其他参考资料:

https://feedback.azure.com/d365community/idea/05e41bf1-0925-ec11-b6e6-000d3a4f07b8

https://feedback.azure.com/d365community/idea/48f1bf78-2985-ec11-a81b-6045bd7956bb

与 ADF 不同,在 Synapse 中,linked-services 不是 arm-templates 的一部分。它们被称为工件,它包括:Note Books、Spark Definitions、Linked Services、Pipelines 等

您可以在这里找到完整的文章:https://techcommunity.microsoft.com/t5/azure-synapse-analytics-blog/how-to-use-ci-cd-integration-to-automate-the-deploy-of-a-synapse/ba-p/2248060

简而言之,首先,使用arm模板部署Synapse。然后设置链接服务:

  - task: Synapse workspace deployment@1
    displayName: 'Setup:Synapse KeyVault Linked Service' 
    inputs:
      TemplateFile: '$(Build.Repository.LocalPath)/TemplateForWorkspace.json'
      ParametersFile: '$(Build.Repository.LocalPath)/TemplateParametersForWorkspace.json'
      azureSubscription: '${{ parameters.environments.serviceConnectionId }}'
      ResourceGroupName: '$(computeResourceGroupName)'
      TargetWorkspaceName: '$(synapseWorkspaceName)'
      DeleteArtifactsNotInTemplate: true
      OverrideArmParameters: |
          synapseLinkedServiceKV: $(synapseLinkedServiceKV)
          workspaceName: $(synapseWorkspaceName)
      Environment: 'prod'

TemplateForWorkspace.json:

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workspaceName": {
            "type": "string"
          },
        "synapseLinkedServiceKV": {
            "type": "string"
        }
    },
    "variables": {
        "workspaceId": "[concat('Microsoft.Synapse/workspaces/', parameters('workspaceName'))]"
    },
    "resources": [
        {
            "name": "[concat(parameters('workspaceName'), '/' , parameters('synapseLinkedServiceKV'))]",
            "type": "Microsoft.Synapse/workspaces/linkedServices",
            "apiVersion": "2019-06-01-preview",
            "properties": {
                "type": "AzureKeyVault",
                "typeProperties": {
                    "baseUrl": "[concat('https://', parameters('synapseLinkedServiceKV'), '.vault.azure.net/')]"
                },
                "annotations": [],
                "description": "Linked Service to Azure KeyVault. KeyVault is used to primarily fetch secrets"
            },
            "dependsOn": []
        }
    ]
}

TemplateParametersForWorkspace.json:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workspaceName": {
        "value": ""
      },
      "synapseLinkedServiceKV": {
        "value": ""
      }
    }
  }

它删除现有的工件并部署上面的工件。您首先需要在 Synapse workspace deployment@1

的 Azure Devops 上安装任务扩展

注意上面的模板是 auto-generated。在 synapse studio 中,转到 Git Configuration 并将其指向您的存储库。它会将更改提交到分支 workspace_publish。您可以复制并构建特定的工件代码。