ARM template with KeyVault - SQL vs. VM

Time: 2017-03-16 10:36:09

Tags: azure azure-keyvault arm-template azure-resource-manager

I have an Azure ARM template that creates a SQL Server and a VM. Both reference KeyVault to get the Admin-Password:

"resources": [
    {
      "type": "Microsoft.Sql/servers",
      "kind": "v12.0",
      "name": "[variables('vSqlServerName')]",
      "tags": {
        "Environment": "[parameters('pEnvironment')]",
        "DisplayName": "SQL Server",
        "UDID": "SQLServer" // Unique Deployment ID (for later reference) 
      },
      "apiVersion": "[variables('vSqlAPIVersion')]",
      "location":  "[resourceGroup().location]",
      "properties": {
        "administratorLogin": "[variables('vSqlAdminUser')]",
        "administratorLoginPassword": {
          "reference": {
            "keyVault": {
              "id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
            },
            "secretName": "SQLDW-AdminPassword"
          }
        },
        "version": "12.0"
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "name": "[concat(variables('vSqlVMName'), variables('vSuffixVM'))]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "Standard_DS5_v2"
        },
        "osProfile": {
          "computerName": "[variables('vSqlVMName')]",
          "adminUsername": "[variables('vWinAdminUser')]",
          "windowsConfiguration": {
            "provisionVMAgent": true,
            "enableAutomaticUpdates": true
          },
          "secrets": [],
          "adminPassword": {
            "reference": {
              "keyVault": {
                "id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
              },
              "secretName": "VM-LocalAdminPassword"
            }
          }
        }
      }
    }
]

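This works for SQL, but not for the VM. The error I get is this:

{
11:16:27 - [ERROR] "target": "vm.properties.osProfile.adminPassword",
11:16:27 - [ERROR] "message": "Unexpected character encountered while parsing value: {. Path 'properties.osProfile.adminPassword', line 1, position 785."
11:16:27 - [ERROR] },

1 Answer:

Answer 0: (score: 1)

You can't use a Key Vault reference directly in a template with a VM, so you have to use a parameters file.

So, in your parameters file, you will have: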

...
"adminPassword": {
    "reference": {
        "keyVault": {
            "id": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.KeyVault/vaults/{}"
        },
        "secretName": "secretName"
    }
},
...

And in the template:

"osProfile": {
  "computerName": "[variables('vSqlVMName')]",
  "adminUsername": "[variables('vWinAdminUser')]",
  "windowsConfiguration": {
    "provisionVMAgent": true,
    "enableAutomaticUpdates": true
  },
  "secrets": [],
  "adminPassword": "[parameters('adminPassword')]"
}

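You can use a parameters file to supply the parameters to the deployment, or you can convert the VM deployment into a nested template deployment, so that you can pass the parameters directly from the parent template without a parameters file.

See this example. It doesn't involve a VM, but the idea is the same.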
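
The nested-deployment option from the answer, sketched as an added example (not code from the question or the answer): the parent template passes the Key Vault reference as a parameter value to a linked VM template. The deployment name `vmDeployment` and the parameter `pVmTemplateUri` are hypothetical; the linked template is assumed to declare `adminPassword` with type `securestring` and to use it in `osProfile` as shown in the answer.

```json
{
  // Added example. "vmDeployment" and "pVmTemplateUri" are hypothetical names.
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2016-09-01",
  "name": "vmDeployment",
  "properties": {
    "mode": "Incremental",
    "templateLink": {
      // Assumed: URI of the linked template that contains the VM resource.
      "uri": "[parameters('pVmTemplateUri')]",
      "contentVersion": "1.0.0.0"
    },
    "parameters": {
      // The Key Vault reference is a parameter value here, not a resource property.
      // The linked template must declare: "adminPassword": { "type": "securestring" }
      "adminPassword": {
        "reference": {
          "keyVault": {
            "id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
          },
          "secretName": "VM-LocalAdminPassword"
        }
      }
    }
  }
}
```

The vault must have `enabledForTemplateDeployment` set to `true` for Resource Manager to read the secret during deployment, and keeping the parameter typed as `securestring` keeps the value out of the deployment history.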