无法使用 azure bicep 将具有应用程序安全组和 nsg 的现有网卡添加到虚拟机

问题描述 投票:0回答:1

无法使用 azure bicep 将具有应用程序安全组和 nsg 的现有网卡添加到虚拟机。

我的代码是这样的

资源现有'Microsoft.Network/networkinterfaces@2022-04-02'现有= { 名称:'机械师' } 请建议如何解决这个问题。

azure-bicep
1个回答
0
投票

使用 BICEP 通过 ASG、NSG 和 VM 引用 NIC

在 Azure Bicep 中,要将具有应用程序安全组 (ASG) 和网络安全组 (NSG) 的现有网络接口卡 (NIC) 连接到虚拟机,您需要确保该 NIC 已正确配置并引用了ASG 和 NSG。如果在最初创建 NIC 时未配置这些设置或者需要更新这些设置,您需要相应地调整 NIC 的 Bicep 模块。

我现有的网卡供参考

enter image description here

更新-nic-resources.bicep

param nicName string = 'vinay-nic'
param vmName string = 'testvmvk'
param vmSize string = 'Standard_DS1_v2'
param adminUsername string = 'adminUser'
param adminPassword string
param location string = 'eastus'
param publisher string = 'Canonical'
param offer string = 'UbuntuServer'
param sku string = '18.04-LTS'
param version string = 'latest'
param subnetId string // Add this parameter to pass the subnet ID

// Create a new Application Security Group
resource newASG 'Microsoft.Network/applicationSecurityGroups@2021-05-01' = {
  name: 'vkASG'
  location: location
}

// Create a new Network Security Group
resource newNSG 'Microsoft.Network/networkSecurityGroups@2021-05-01' = {
  name: 'vkNSG'
  location: location
}

// Reference and update the existing NIC to include ASG and NSG with subnet reference
resource existingNic 'Microsoft.Network/networkInterfaces@2023-11-01' = {
  name: nicName
  location: location
  properties: {
    networkSecurityGroup: {
      id: newNSG.id
    }
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: {
            id: subnetId
          }
          applicationSecurityGroups: [
            {
              id: newASG.id
            }
          ]
        }
      }
    ]
  }
}

// Create the virtual machine and attach the NIC
resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-07-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      imageReference: {
        publisher: publisher
        offer: offer
        sku: sku
        version: version
      }
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'Standard_LRS'
        }
      }
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: existingNic.id
          primary: true
        }
      ]
    }
  }
}

// Output the IDs of the new ASG, NSG, and VM for reference
output asgId string = newASG.id
output nsgId string = newNSG.id
output vmId string = virtualMachine.id

现在运行命令

az deployment group create --resource-group vinay-rg --template-file update-nic-resources.bicep --parameters adminPassword='Yoursecurepassword' location='eastus' subnetId='/subscriptions/subID/resourceGroups/vinay-rg/providers/Microsoft.Network/virtualNetworks/vnet-eastus-1/subnets/snet-eastus-1'

部署成功:

enter image description here

enter image description here

enter image description here

enter image description here

enter image description here

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.