我想使用具有不同NSG的单个模板json文件创建2个Azure VM。
vm-template.json
"resources": [
{
"name": "[parameters('vmName')]",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "[variables('computeApiVersion')]",
"location": "[variables('location')]",
"tags": {
"Created By": "PAMC"
},
"dependsOn": [
"[concat('Microsoft.Network/networkInterfaces/', parameters('networkInterfaceName'))]"
],
"properties": {
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('vmUsername')]",
"adminPassword": "[parameters('vmPassword')]"
},
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"storageProfile": {
"imageReference": {
"publisher": "[variables('imagePublisher')]",
"offer": "[variables('imageOffer')]",
"sku": "[variables('imageSku')]",
"version": "latest"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]"
}
]
}
}
},
{
"name": "[parameters('networkInterfaceName')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIpAddresses/', parameters('publicIPAddressName'))]",
"[concat('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"privateIPAllocationMethod": "Dynamic",
"publicIpAddress": {
"id": "[resourceId(variables('resourceGroupName'),'Microsoft.Network/publicIpAddresses', parameters('publicIPAddressName'))]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId(variables('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]"
}
}
},
{
"name": "[parameters('publicIPAddressName')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"properties": {
"publicIpAllocationMethod": "[variables('publicIPAddressType')]"
}
},
{
"name": "nsg1",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
{
"name": "default-allow-ssh",
"properties": {
"priority": 1000,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "22",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
},
{
"name": "port1",
"properties": {
"priority": 1010,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "[parameters('port1')]",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
}
]
}
},
{
"name": 'nsg2')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
{
"name": "default-allow-ssh",
"properties": {
"priority": 1000,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "22",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
},
{
"name": "port2",
"properties": {
"priority": 1010,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "[parameters('port2')]",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
},
{
"name": "port3",
"properties": {
"priority": 1020,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "[parameters('port3')]",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
}
]
}
}
]
我将使用不同的参数从另一个模板调用vm-template.json以上两次。
{
"apiVersion": "[variables('resourceDeploymentApiVersion')]",
"name": "template1",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('vmTemplateURL')]"
},
"parameters": {
....
}
}
},
{
"apiVersion": "[variables('resourceDeploymentApiVersion')]",
"name": "template2",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('vmTemplateURL')]"
},
"parameters": {
....
}
}
},
如何在vm-template.json中将nsg1用于template1,将nsg2用于template2?
答案 0 :(得分:0)
我在那里没有发现问题,只需为nsg名称创建一个新参数,并使用它创建NSG并将其链接到vm。此外,看来您应该为此使用副本,这更有意义(至少对我而言)。
如果它们具有不同的规则,则可以使用变量来创建适当的规则:
"baseRule": [
{
"name": "default-allow-ssh",
"properties": {
"priority": 1000,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "22",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
},
{
"name": "port2",
"properties": {
"priority": 1010,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "[parameters('port2')]",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
}
],
"extendedRule": [
{
"name": "port3",
"properties": {
"priority": 1020,
"sourceAddressPrefix": "*",
"protocol": "TCP",
"destinationPortRange": "[parameters('port3')]",
"access": "Allow",
"direction": "Inbound",
"sourcePortRange": "*",
"destinationAddressPrefix": "*"
}
}
]
并使用它来构造适当的规则:
"securityRules": "[if(equals(nsgname, firstnsg), variables('baseRule'), concat(variables('baseRule'), variables('extendedRule'))]"