Azure ARM template: enabling the Linux Diagnostic Extension with an auto-generated SAS token


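I am trying to deploy an ARM template with a new VM and set up the Linux Diagnostic Extension / LAD without creating a new storage account, using an existing storage account instead. I found this article, https://samcogan.com/generate-sas-tokens-in-arm-teamplates/, which uses "listAccountSas", and I have set the following in "ProtectedSettings":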

"storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"

"resources": [
{vm creation bla bla},

   {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
      "location": "[parameters('vmLocation')]",
      "dependsOn": [ 
          "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"     
         ],
      "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",      
      "properties": {
          "publisher": "Microsoft.Azure.Diagnostics",
          "type": "LinuxDiagnostic",
          "autoUpgradeMinorVersion": true,
          "typeHandlerVersion": "3.0", 

          "protectedSettings": {
            "storageAccountName": "[parameters('existingStorageName')]",
            "storageAccountSasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]",  

            "storageAccountEndPoint": "https://core.windows.net/",
            "sinksConfig": {
              "sink": [
                {
                  "name": "WADMetricJsonBlob",
                  "type": "JsonBlob"
                }
              ]
            }  

            },

          "settings": {
          "StorageAccount": "[parameters('existingStorageName')]",
          "ladCfg": {
              "diagnosticMonitorConfiguration": {
                  "eventVolume": "Medium", 
                  "metrics": {
                    "metricAggregation": [
                      {
                        "scheduledTransferPeriod": "PT1H"
                      }, 
                      {
                        "scheduledTransferPeriod": "PT1M"
                      }
                    ], 
                    "resourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
                  }, 

                  "performanceCounters": {
                    "sinks": "WADMetricJsonBlob",
                    "performanceCounterConfiguration": [                                
                      {
                        "annotation": [
                          {
                            "displayName": "Memory percentage", 
                            "locale": "en-us"
                          }
                        ], 
                        "class": "memory", 
                        "counter": "percentusedmemory", 
                        "counterSpecifier": "/builtin/memory/percentusedmemory", 
                        "type": "builtin", 
                        "unit": "Percent"
                      }

                    ]
                  }, 
                  "syslogEvents": {}
                }, 
                "sampleRateInSeconds": 15
              }
            }                  
          }

      },

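When I try to deploy the template, I get an error during validation:

"InvalidTemplate", "message": "Deployment template validation failed: 'The template reference 'myExistingStorageAccount' is not valid: could not find template resource or resource copy with this name. Please see https://aka.ms/arm-template-expressions/#reference for usage details.'."}

According to MS:

The reference function and the list* functions do not create an implicit dependency when the resource is referred to by its resource ID. To create an implicit dependency, pass the name of a resource that is deployed in the same template.

However, I tried using a nested template in which I "create" the SAS token and set sasToken.Id in the outputs so that it can be called later; in my main template, the diagnostic extension uses sastoken.Id: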

{
    "apiVersion": "2017-08-01",
    "name": "SasTokenNestedTemplate",
    "type": "Microsoft.Resources/deployments",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "mode" : "Incremental",
        "template": {
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {},
        "variables": {},
        "resources": [
            {
                "apiVersion" : "2018-03-01",
                "type":  "Microsoft.Resources/deployments",
                "name": "NestedSasTokenCreation",
                "properties": {
                    "sasToken": "[listAccountSas(parameters('existingStorageName'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
                    }
                }
                ],
                "outputs": {
                    "sasToken": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Resources/deployments', parameters('sasToken'))]"
                    }
                  }
            }
        }
    },


   {
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "apiVersion": "[providers('Microsoft.Compute','virtualMachines/extensions').apiVersions[0]]",
    "location": "[parameters('vmLocation')]",
    "dependsOn": [ 
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"      
     ],
    "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",      
    "properties": {
        "publisher": "Microsoft.Azure.Diagnostics",
        "type": "LinuxDiagnostic",
        "autoUpgradeMinorVersion": true,
        "typeHandlerVersion": "3.0", 

        "protectedSettings": {
          "storageAccountName": "[parameters('existingStorageName')]",
          "storageAccountSasToken": { "value": "[reference('SasTokenNestedTemplate', '2017-08-01').outputs.sasToken.value]" }, 

          "storageAccountEndPoint": "https://core.windows.net/",
          "sinksConfig": {
            "sink": [
              {
                "name": "WADMetricJsonBlob",
                "type": "JsonBlob"
              }
            ]
          }  

But I still get the same error as above. Thanks in advance for your help!

1 Answer

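You need to give it the resource ID of the storage account; since the account is not part of the template, it cannot resolve it on its own.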

listAccountSas(resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName')), '2018-07-01', variables('accountSasProperties')).accountSasToken
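
Added example, not part of the original answer: the expression above placed in a standalone template for the extension, together with an `accountSasProperties` variable, which the question references but never shows. It assumes the VM already exists and the storage account is in the deployment's resource group; the `sasExpiry` parameter, the `storageId` variable, the fixed extension `apiVersion`, and the SAS scope (blob and table services, container and object resource types, add/create/list/update/write permissions, HTTPS only) are assumptions to check against the LAD version you deploy.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "note": "Added example. sasExpiry, storageId, apiVersion and the SAS scope are assumptions, not values from the original post."
  },
  "parameters": {
    "vmName": { "type": "string" },
    "vmLocation": { "type": "string" },
    "existingStorageName": { "type": "string" },
    "sasExpiry": { "type": "string" }
  },
  "variables": {
    "storageId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('existingStorageName'))]",
    "accountSasProperties": {
      "signedServices": "bt",
      "signedResourceTypes": "co",
      "signedPermission": "acluw",
      "signedProtocol": "https",
      "signedExpiry": "[parameters('sasExpiry')]"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2018-06-01",
      "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
      "location": "[parameters('vmLocation')]",
      "properties": {
        "publisher": "Microsoft.Azure.Diagnostics",
        "type": "LinuxDiagnostic",
        "typeHandlerVersion": "3.0",
        "autoUpgradeMinorVersion": true,
        "protectedSettings": {
          "storageAccountName": "[parameters('existingStorageName')]",
          "storageAccountSasToken": "[listAccountSas(variables('storageId'), '2018-07-01', variables('accountSasProperties')).accountSasToken]"
        },
        "settings": {
          "StorageAccount": "[parameters('existingStorageName')]"
        }
      }
    }
  ]
}
```

Because the token is evaluated directly inside `protectedSettings`, it never passes through a deployment `outputs` value of type `string`, which is what the nested-template attempt in the question would have recorded. If the storage account lives in another resource group, pass that group's name as the first argument to `resourceId`.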