Is it possible to use a single ARM template to create different NSGs for 2 different Azure VMs

Time: 2018-07-16 13:40:30

Tags: azure arm-template network-security-groups

I want to create 2 Azure VMs with different NSGs using a single template JSON file.

vm-template.json

  "resources": [
    {
        "name": "[parameters('vmName')]",
        "type": "Microsoft.Compute/virtualMachines",
        "apiVersion": "[variables('computeApiVersion')]",
        "location": "[variables('location')]",
        "tags": {
            "Created By": "PAMC"
        },
        "dependsOn": [
            "[concat('Microsoft.Network/networkInterfaces/', parameters('networkInterfaceName'))]"
        ],
        "properties": {
            "osProfile": {
                "computerName": "[parameters('vmName')]",
                "adminUsername": "[parameters('vmUsername')]",
                "adminPassword": "[parameters('vmPassword')]"
            },
            "hardwareProfile": {
                "vmSize": "[parameters('vmSize')]"
            },
            "storageProfile": {
                "imageReference": {
                    "publisher": "[variables('imagePublisher')]",
                    "offer": "[variables('imageOffer')]",
                    "sku": "[variables('imageSku')]",
                    "version": "latest"
                }
            },
            "networkProfile": {
                "networkInterfaces": [
                    {
                        "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]"
                    }
                ]
            }
        }
    },
    {
        "name": "[parameters('networkInterfaceName')]",
        "type": "Microsoft.Network/networkInterfaces",
        "apiVersion": "[variables('networkApiVersion')]",
        "location": "[variables('location')]",
        "dependsOn": [
            "[concat('Microsoft.Network/publicIpAddresses/', parameters('publicIPAddressName'))]",
            "[concat('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]"
        ],
        "properties": {
            "ipConfigurations": [
                {
                    "name": "ipconfig1",
                    "properties": {
                        "subnet": {
                            "id": "[variables('subnetRef')]"
                        },
                        "privateIPAllocationMethod": "Dynamic",
                        "publicIpAddress": {
                            "id": "[resourceId(variables('resourceGroupName'),'Microsoft.Network/publicIpAddresses', parameters('publicIPAddressName'))]"
                        }
                    }
                }
            ],
            "networkSecurityGroup": {
                "id": "[resourceId(variables('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]"
            }
        }
    },
    {
        "name": "[parameters('publicIPAddressName')]",
        "type": "Microsoft.Network/publicIpAddresses",
        "apiVersion": "[variables('networkApiVersion')]",
        "location": "[variables('location')]",
        "properties": {
            "publicIpAllocationMethod": "[variables('publicIPAddressType')]"
        }
    },
    {
        "name": "nsg1",
        "type": "Microsoft.Network/networkSecurityGroups",
        "apiVersion": "[variables('networkApiVersion')]",
        "location": "[variables('location')]",
        "properties": {
            "securityRules": [
                {
                    "name": "default-allow-ssh",
                    "properties": {
                        "priority": 1000,
                        "sourceAddressPrefix": "*",
                        "protocol": "TCP",
                        "destinationPortRange": "22",
                        "access": "Allow",
                        "direction": "Inbound",
                        "sourcePortRange": "*",
                        "destinationAddressPrefix": "*"
                    }
                },
                {
                    "name": "port1",
                    "properties": {
                        "priority": 1010,
                        "sourceAddressPrefix": "*",
                        "protocol": "TCP",
                        "destinationPortRange": "[parameters('port1')]",
                        "access": "Allow",
                        "direction": "Inbound",
                        "sourcePortRange": "*",
                        "destinationAddressPrefix": "*"
                    }
                }
            ]
        }
    },
    {
        "name": "nsg2",
        "type": "Microsoft.Network/networkSecurityGroups",
        "apiVersion": "[variables('networkApiVersion')]",
        "location": "[variables('location')]",
        "properties": {
            "securityRules": [
                {
                    "name": "default-allow-ssh",
                    "properties": {
                        "priority": 1000,
                        "sourceAddressPrefix": "*",
                        "protocol": "TCP",
                        "destinationPortRange": "22",
                        "access": "Allow",
                        "direction": "Inbound",
                        "sourcePortRange": "*",
                        "destinationAddressPrefix": "*"
                    }
                },
                {
                    "name": "port2",
                    "properties": {
                        "priority": 1010,
                        "sourceAddressPrefix": "*",
                        "protocol": "TCP",
                        "destinationPortRange": "[parameters('port2')]",
                        "access": "Allow",
                        "direction": "Inbound",
                        "sourcePortRange": "*",
                        "destinationAddressPrefix": "*"
                    }
                },
                {
                    "name": "port3",
                    "properties": {
                        "priority": 1020,
                        "sourceAddressPrefix": "*",
                        "protocol": "TCP",
                        "destinationPortRange": "[parameters('port3')]",
                        "access": "Allow",
                        "direction": "Inbound",
                        "sourcePortRange": "*",
                        "destinationAddressPrefix": "*"
                    }
                }
            ]
        }
    }
  ]

I will call the above vm-template.json twice from another template, with different parameters.

 {
        "apiVersion": "[variables('resourceDeploymentApiVersion')]",
        "name": "template1",
        "type": "Microsoft.Resources/deployments",
        "properties": {
            "mode": "Incremental",
            "templateLink": {
                "uri": "[variables('vmTemplateURL')]"
            },
            "parameters": {
                ....
            }
        }             
    },
 {
        "apiVersion": "[variables('resourceDeploymentApiVersion')]",
        "name": "template2",
        "type": "Microsoft.Resources/deployments",
        "properties": {
            "mode": "Incremental",
            "templateLink": {
                "uri": "[variables('vmTemplateURL')]"
            },
            "parameters": {
                ....
            }
        }             
    },

How can I use nsg1 for template1 and nsg2 for template2 in vm-template.json?

1 answer:

Answer 0: (score: 0)

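I don't see a problem there; just create a new parameter for the NSG name and use it to create the NSG and link it to the VM. Also, it looks like you should use copy for this, which makes more sense (at least to me).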

If they have different rules, you can use variables to create the appropriate rules:

"baseRule":     [
    {
        "name": "default-allow-ssh",
        "properties": {
            "priority": 1000,
            "sourceAddressPrefix": "*",
            "protocol": "TCP",
            "destinationPortRange": "22",
            "access": "Allow",
            "direction": "Inbound",
            "sourcePortRange": "*",
            "destinationAddressPrefix": "*"
        }
    },
    {
        "name": "port2",
        "properties": {
            "priority": 1010,
            "sourceAddressPrefix": "*",
            "protocol": "TCP",
            "destinationPortRange": "[parameters('port2')]",
            "access": "Allow",
            "direction": "Inbound",
            "sourcePortRange": "*",
            "destinationAddressPrefix": "*"
        }
    }
],
"extendedRule": [
    {
        "name": "port3",
        "properties": {
            "priority": 1020,
            "sourceAddressPrefix": "*",
            "protocol": "TCP",
            "destinationPortRange": "[parameters('port3')]",
            "access": "Allow",
            "direction": "Inbound",
            "sourcePortRange": "*",
            "destinationAddressPrefix": "*"
        }
    }
]

And use this to construct the appropriate rules:

"securityRules": "[if(equals(parameters('networkSecurityGroupName'), 'nsg1'), variables('baseRule'), concat(variables('baseRule'), variables('extendedRule')))]"