我正在尝试使用powershell脚本创建服务结构群集。这是脚本:
Param(
[Parameter(HelpMessage="Azure user name")]
[String]$azUserName,
[Parameter(HelpMessage="Azure password")]
[String]$azPassword,
[Parameter(HelpMessage="What is the resource group name?")]
[String]$ResourceGroupName="sfLinuxClusterRg",
[Parameter(HelpMessage="What is the key vault group name?")]
[String]$KeyVaultResourceGroupName="KeyVaultRg",
[Parameter(HelpMessage="Where is the azure location?")]
[String]$Location="uksouth",
[Parameter(HelpMessage="what is the key vault group?")]
[String]$VaultGroupName="linuxclusterkeyvaultgroup",
[Parameter(HelpMessage="Where is the certificate stored locally?")]
[String]$CertFileName="certificate.pfx",
[Parameter(HelpMessage="What is the subscription id?")]
[String]$SubscriptionId,
[Parameter(HelpMessage="What is the tenant id?")]
[String]$TenantId
)
Function DecryptSecureString([SecureString] $secureText){
return [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureText))
}
Function CreateKeyVaultCert(){
try{
Select-AzureRmSubscription -SubscriptionId $SubscriptionId `
-TenantId $TenantId
# Create a Resource Group to hold your Key Vault(s)
# Note this should be separate from your other resources so you can delete those other resource groups without impacting your registered certs
New-AzureRmResourceGroup -Name $KeyVaultResourceGroupName -Location uksouth -Force
# Create a Key Vault to hold your secrets
New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $KeyVaultResourceGroupName `
-Location uksouth -EnabledForDeployment `
-EnabledForDiskEncryption -EnabledForTemplateDeployment
# Have Key Vault create the certificate with a simple policy
$policy = New-AzureKeyVaultCertificatePolicy `
-SubjectName "CN=cluster123.uksouth.cloudapp.azure.com" `
-IssuerName Self -ValidityInMonths 12
Add-AzureKeyVaultCertificate -VaultName $vaultName -Name cert1 -CertificatePolicy $policy
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EnabledForDeployment
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EmailAddress $azUserName -PermissionsToSecrets Get
}
catch{
Write-Host $_.Exception.Message
exit
}
}
$azPassword = $azPassword | ConvertTo-SecureString -AsPlainText -Force
Import-AzureRmContext -Path "C:\stuff\AzureProfile.json"
$Date = Get-Date
$VaultName="VaultLearn" + $Date.ToString("hhmmss")
# sign in to your Azure account and select your subscription
$certName = "CN=cluster123.uksouth.cloudapp.azure.com"
$clustersize=5
$clustername = "cluster123" + $Date.ToString("hhmmss")
$adminuser="admin"
$vmsku = "Standard_D2_v2"
$os = "UbuntuServer1604"
Select-AzureRmSubscription -SubscriptionId $SubscriptionId
CreateKeyVaultCert
New-AzureRmServiceFabricCluster -Name $clustername `
-ResourceGroupName $ResourceGroupName `
-Location uksouth `
-ClusterSize $clustersize `
-VmUserName $adminuser -VmPassword $azPassword `
-CertificateSubjectName $certName `
-CertificatePassword $azPassword `
-VmSku $vmsku `
-CertificateOutputFolder 'C:\stuff' `
-OS $os `
-KeyVaultName $VaultName
Write-Host "Created service fabric cluster in resource group $ResourceGroupName"
#Add-AzureRmAccount
# $path = "C:\stuff\AzureProfile.json"
# Save-AzureRmContext -Path $path -Force
我一直收到错误:
New-AzureRmServiceFabricCluster:名称'VaultLearn090903'已在使用中。
这真的很奇怪,因为我很确定昨天这个脚本至少试图创建集群,虽然我收到了另一个关于Ubuntu图像找不到的错误。可能导致此错误的原因是什么?
顺便说一下,为了运行这个脚本,我之前运行过这段代码:
Add-AzureRmAccount
$path = "C:\stuff\AzureProfile.json"
Save-AzureRmContext -Path $path -Force
已在本地缓存我的azure凭据。
我在脚本中专门添加了两个语句,用于添加访问keyvault的策略:
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EnabledForDeployment
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EmailAddress $azUserName -PermissionsToSecrets Get
我知道这可能是矫枉过正,但我正试图摆脱这个问题。
另一个奇怪的事情是我尝试了Azure Sample Github repo
我对如何继续使用服务结构感到茫然。
答案 0 :(得分:0)
为了完整性:
我设法通过访问azure门户网站,创建服务结构集群并下载ARM模板(包括一些PowerShell脚本)来获得不同的工作。
感谢