Azure VM自定义脚本扩展SAS令牌支持

问题描述 投票:3回答:4

[我正在尝试使用ARM模板部署向Azure VM添加自定义脚本扩展,并且希望它使用SAS令牌从存储帐户下载文件。

这里是模板(简体):

{
    "name": "CustomScriptExtension"
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "location": "eastus",
    "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.8",
        "settings": {
            "fileUris": [
                "https://{storage-account}.blob.core.windows.net/installers/{installer}.msi?sv=2015-04-05&sig={signature}&st=2017-05-03T05:18:28Z&se=2017-05-10T05:18:28Z&srt=o&ss=b&sp=r"
            ],
            "commandToExecute": "start /wait msiexec /package {installer}.msi /quiet"
        },
    }
}

并且部署它会导致此错误:

{
  "name": "CustomScriptExtension",
  "type": "Microsoft.Compute.CustomScriptExtension",
  "typeHandlerVersion": "1.8",
  "statuses": [
    {
      "code": "ProvisioningState/failed/3",
      "level": "Error",
      "displayStatus": "Provisioning failed",
      "message": "Failed to download all specified files. Exiting. Error Message: Missing mandatory parameters for valid Shared Access Signature"
    }
  ]
}

如果我直接用SAS令牌访问URL,它将很好地下拉文件,因此我知道SAS令牌是正确的。自定义脚本扩展名是否不支持带有SAS令牌的URL?

azure azure-virtual-machine azure-resource-manager azure-template
4个回答
6
投票

我知道了,这一定是自定义脚本扩展中的错误,导致它不支持存储帐户级SAS令牌。如果我在SAS令牌(不属于存储帐户级别SAS令牌规范的一部分)的末尾添加&sr=b,它将开始工作。

我在这里找到此信息:https://azureoperations.wordpress.com/2016/11/21/first-blog-post/

1
投票

如@ 4c74356b41所说。现在,客户脚本扩展模板不支持SAS令牌。如果要从专用存储帐户下载文件,则可以使用存储帐户密钥。请参考此example

{
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "name": "[concat(variables('vmName'),'/', variables('extensionName'))]",
      "apiVersion": "[variables('apiVersion')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
      ],
      "properties": {
        "publisher": "Microsoft.Azure.Extensions",
        "type": "CustomScript",
        "typeHandlerVersion": "2.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "fileUris": "[split(parameters('fileUris'), ' ')]",
          "commandToExecute": "[parameters('commandToExecute')]"
        },
        "protectedSettings": {
          "storageAccountName": "[parameters('customScriptStorageAccountName')]",
          "storageAccountKey": "[parameters('customScriptStorageAccountKey')]"
        }
      }
    }
0
投票

不,它不支持SAS令牌。请参阅此反馈项目:

https://github.com/Azure/azure-linux-extensions/issues/105

0
投票

当前,在VM Extension中支持S​​AS令牌

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.