Azure ARM模板通过自动生成的SAS令牌启用Linux诊断扩展

时间:2019-03-13 17:14:20

标签: azure sas diagnostics azure-diagnostics sas-token

我正在尝试使用新VM部署arm模板,并设置Linux Diagnostic Extension / LAD,而不创建新的Storage帐户,而是使用现有的帐户。我发现本文https://samcogan.com/generate-sas-tokens-in-arm-teamplates/使用“ listAccountSas”,并且已在“ ProtectedSettings”中进行了设置:

  

“ storageAccountSasToken”:   “ [listAccountSas(parameters('existingStorageName'),'2018-07-01',   variables('accountSasProperties')。accountSasToken]“

"resources": [
{vm creation bla bla},

   {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
      "location": "[parameters('vmLocation')]",
      "dependsOn": [ 
          "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"     
         ],
      "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",      
      "properties": {
          "publisher": "Microsoft.Azure.Diagnostics",
          "type": "LinuxDiagnostic",
          "autoUpgradeMinorVersion": true,
          "typeHandlerVersion": "3.0", 

          "protectedSettings": {
            "storageAccountName": "[parameters('existingStorageName')]",
            "storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]",  

            "storageAccountEndPoint": "https://core.windows.net/",
            "sinksConfig": {
              "sink": [
                {
                  "name": "WADMetricJsonBlob",
                  "type": "JsonBlob"
                }
              ]
            }  

            },

          "settings": {
          "StorageAccount": "[parameters('existingStorageName')]",
          "ladCfg": {
              "diagnosticMonitorConfiguration": {
                  "eventVolume": "Medium", 
                  "metrics": {
                    "metricAggregation": [
                      {
                        "scheduledTransferPeriod": "PT1H"
                      }, 
                      {
                        "scheduledTransferPeriod": "PT1M"
                      }
                    ], 
                    "resourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
                  }, 

                  "performanceCounters": {
                    "sinks": "WADMetricJsonBlob",
                    "performanceCounterConfiguration": [                                
                      {
                        "annotation": [
                          {
                            "displayName": "Memory percentage", 
                            "locale": "en-us"
                          }
                        ], 
                        "class": "memory", 
                        "counter": "percentusedmemory", 
                        "counterSpecifier": "/builtin/memory/percentusedmemory", 
                        "type": "builtin", 
                        "unit": "Percent"
                      }

                    ]
                  }, 
                  "syslogEvents": {}
                }, 
                "sampleRateInSeconds": 15
              }
            }                  
          }

      },

当我尝试部署模板时,在验证过程中出现错误:

  

“ InvalidTemplate”,“消息”:“部署模板验证失败:   '模板引用'myExistingStorageAccount'无效:可以   找不到具有此名称的模板资源或资源副本。请参阅   https://aka.ms/arm-template-expressions/#reference供使用   详细信息。”。}

根据MS:

  

引用函数和列表函数不会创建隐式   资源通过其资源ID引用资源时的依赖关系。至   创建一个隐式依赖项,传递的资源名称为   部署在同一模板中。

但是,我尝试使用嵌套模板在其中“创建” SAS令牌,并在输出中设置sasToken.Id,稍后再在我的主模板中使用sastoken.Id调用Diagnostic Extension:

{
    "apiVersion": "2017-08-01",
    "name": "SasTokenNestedTemplate",
    "type": "Microsoft.Resources/deployments",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "mode" : "Incremental",
        "template": {
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {},
        "variables": {},
        "resources": [
            {
                "apiVersion" : "2018-03-01",
                "type":  "Microsoft.Resources/deployments",
                "name": "NestedSasTokenCreation",
                "properties": {
                    "sasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
                    }
                }
                ],
                "outputs": {
                    "sasToken": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Resources/deployments', parameters('sasToken'))]"
                    }
                  }
            }
        }
    },


   {
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
    "location": "[parameters('vmLocation')]",
    "dependsOn": [ 
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"      
     ],
    "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",      
    "properties": {
        "publisher": "Microsoft.Azure.Diagnostics",
        "type": "LinuxDiagnostic",
        "autoUpgradeMinorVersion": true,
        "typeHandlerVersion": "3.0", 

        "protectedSettings": {
          "storageAccountName": "[parameters('existingStorageName')]",
          "storageAccountSasToken": { "value": "[reference('SasTokenNestedTemplate', '2017-08-01').outputs.sasToken.value]" }, 

          "storageAccountEndPoint": "https://core.windows.net/",
          "sinksConfig": {
            "sink": [
              {
                "name": "WADMetricJsonBlob",
                "type": "JsonBlob"
              }
            ]
          }  

但是仍然出现与上述相同的错误。 在此先感谢您的帮助!

1 个答案:

答案 0 :(得分:1)

您需要为其提供存储帐户的资源ID,因为它不是模板的一部分,它无法自行解决。

listAccountSas(resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName')), '2018-07-01', variables('accountSasProperties')).accountSasToken