Azure Pipelines Key Vault problem when creating a DevTest Labs VM

Time: 2020-10-15 09:08:00

Tags: azure cloud azure-pipelines arm-template azure-devtest-labs

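I want to create an Azure DevTest Labs VM through a pipeline. However, when I start the deployment, it fails at the "Create Azure DevTest Lab VM" step, and it seems to be caused by my key vault being missing. But after checking my key vault, my secret is stored in it, and there should be no problem with the permissions.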

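I am not sure about the message "secret store is not set for the user". Does it mean there is an association problem between my account and the key vault? How can I verify this? Thanks.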

Run Pipeline Result

Agent job: Create Devtest Lab VM

Win7entx64.json

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
    "newVMName": {
        "defaultValue": "win7entx64",
        "type": "String"
    },
    "labName": {
        "defaultValue": "my_lab",
        "type": "String"
    },
    "size": {
        "defaultValue": "Standard_A3",
        "type": "String"
    },
    "userName": {
        "defaultValue": "trendkj",
        "type": "String"
    },
    "password": {
        "type": "securestring",
        "defaultValue": "[[[VmPassword]]"
    }
},
"variables": {
    "labSubnetName": "[concat(variables('labVirtualNetworkName'), 'Subnet')]",
    "labVirtualNetworkId": "[resourceId('Microsoft.DevTestLab/labs/virtualnetworks', parameters('labName'), variables('labVirtualNetworkName'))]",
    "labVirtualNetworkName": "[concat('Dtl', parameters('labName'))]",
    "vmId": "[resourceId ('Microsoft.DevTestLab/labs/virtualmachines', parameters('labName'), parameters('newVMName'))]",
    "vmName": "[concat(parameters('labName'), '/', parameters('newVMName'))]"
},
"resources": [
    {
        "type": "Microsoft.DevTestLab/labs/virtualmachines",
        "apiVersion": "2018-10-15-preview",
        "name": "[variables('vmName')]",
        "location": "westus",
        "properties": {
            "labVirtualNetworkId": "[variables('labVirtualNetworkId')]",
            "notes": "Windows 7 Enterprise",
            "galleryImageReference": {
                "offer": "windows-7",
                "publisher": "microsoftwindowsdesktop",
                "sku": "win7-enterprise",
                "osType": "Windows",
                "version": "latest"
            },
            "size": "[parameters('size')]",
            "userName": "[parameters('userName')]",
            "password": "[parameters('password')]",
            "isAuthenticationWithSshKey": false,
            "labSubnetName": "[variables('labSubnetName')]",
            "disallowPublicIpAddress": true,
            "storageType": "Standard",
            "allowClaim": false
        }
    }
],
"outputs": {
    "labVMId": {
        "type": "String",
        "value": "[variables('vmId')]"
    }
}

}

My secret in the Key Vault

My Access Policy in the Key Vault

2 answers:

Answer 0 (score: 0)

Based on how your ARM template references the value, "defaultValue": "[[[VmPassword]]", you should use the secret saved in DevTest Lab. The page is shown below.


If you want to use the secret from the Key Vault page as shown in your question, the reference in the ARM template should look like this:

"sqlAdministratorLoginPassword": {
    "reference": {
        "keyVault": {
            "id": "/subscriptions/25abd97b-44a3-4092-8337-xxxx/resourceGroups/mykeyvault/providers/Microsoft.KeyVault/vaults/cmkvtest"
        },
        "secretName": "sqlpassword"
    }
}

For more on this, see the section "3. Add the Key Vault secret to your ARM template" of this artifact.
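The following is an added example, not part of the original answer or of any Azure tooling: a small Python check that reports, for each secure parameter, which of the two secret sources discussed above it uses, and flags plaintext literals. The function names, category labels and sample values are assumptions made for illustration; the Key Vault reference is looked for both in the template's parameter entry and in a separate parameter file.

```python
import json
import re

# Token form used in the question's template; per the answer it names a secret
# saved in DevTest Labs (assumption: exactly three '[' and two ']').
DTL_SECRET = re.compile(r"^\[\[\[([A-Za-z0-9_-]+)\]\]$")

def classify(entry):
    """Classify one parameter entry (template definition or parameter-file entry)."""
    ref = entry.get("reference")
    if isinstance(ref, dict):
        vault_id = ref.get("keyVault", {}).get("id", "")
        if "/providers/Microsoft.KeyVault/vaults/" in vault_id and ref.get("secretName"):
            return "keyvault-reference"
        return "malformed-reference"
    value = entry.get("value", entry.get("defaultValue"))
    if value is None:
        return "supplied-at-deploy-time"
    if isinstance(value, str) and DTL_SECRET.match(value):
        return "devtest-lab-secret"
    return "plaintext-literal"

def audit_secure_params(template, param_file=None):
    """Map each securestring/secureobject parameter to the source of its value."""
    overrides = (param_file or {}).get("parameters", {})
    report = {}
    for name, definition in template.get("parameters", {}).items():
        if definition.get("type", "").lower() not in ("securestring", "secureobject"):
            continue
        # A parameter-file entry, when present, takes the place of the default.
        report[name] = classify(overrides.get(name, definition))
    return report

# Constructed sample input, modelled on the template and the answer above.
TEMPLATE = json.loads("""{ "parameters": {
  "userName": {"type": "String", "defaultValue": "labuser"},
  "password": {"type": "securestring", "defaultValue": "[[[VmPassword]]"},
  "sqlAdministratorLoginPassword": {"type": "securestring"},
  "legacyPassword": {"type": "securestring", "defaultValue": "P@ssw0rd-constructed"}
}}""")
PARAM_FILE = json.loads("""{ "parameters": {
  "sqlAdministratorLoginPassword": {"reference": {
    "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<vault-name>"},
    "secretName": "sqlpassword"}}
}}""")

if __name__ == "__main__":
    for name, kind in audit_secure_params(TEMPLATE, PARAM_FILE).items():
        print(f"{name}: {kind}")
```

A "devtest-lab-secret" result means the value has to exist among the secrets saved in DevTest Labs, not in the Key Vault page, which is the distinction the answer draws.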

Answer 1 (score: -1)

Are you missing a "]"?

[[[VmPassword]] --> [[[VmPassword]]]]