4

我正在使用 Azure REST API 部署资源组并提供 ARM 模板。在虚拟机资源中,我有一个类型为DSC. 代码片段如下:

{
  "resources": [
    {
      "name": "[concat(variables('VMName'),'/SetupScript')]",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "location": "[parameters('DNSLocation')]",
      "apiVersion": "2015-05-01-preview",
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]"
      ],
      "tags": {
        "displayName": "SetupScript"
      },
      "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "1.7",
        "settings": {
          "modulesUrl": "[variables('SetupScriptConfigurationFile')]",
          "sasToken": "",
          "configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
          "properties": {
            "DomainName": "[parameters('DomainName')]",
            "DomainAdminUsername": "[parameters('VMAdminUsername')]",
            "DomainAdminPassword": "[parameters('VMAdminPassword')]"
          }
        },
        "protectedSettings": {

        }
      }
    }
  ]
}

正在调用的 DSC 配置如下所示:

Configuration DNSConfig
{ 
    param
    ( 
        [string]$NodeName ='localhost',  
        [Parameter(Mandatory=$true)][string]$DomainName,
        [Parameter(Mandatory=$true)][string]$DomainAdminUsername,
        [Parameter(Mandatory=$true)][string]$DomainAdminPassword
    ) 

    #Import the required DSC Resources  
    Import-DscResource -Module xComputerManagement 
    Import-DscResource -Module xActiveDirectory

    $securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force;
    $DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword);

    Node $NodeName
    { #ConfigurationBlock

        WindowsFeature DSCService {
            Name = "DSC-Service"
            Ensure = "Present"
            IncludeAllSubFeature = $true
        }

        WindowsFeature ADDSInstall 
        {   
            Ensure = 'Present'
            Name = 'AD-Domain-Services'
            IncludeAllSubFeature = $true
        }

        WindowsFeature RSATTools 
        { 
            DependsOn= '[WindowsFeature]ADDSInstall'
            Ensure = 'Present'
            Name = 'RSAT-AD-Tools'
            IncludeAllSubFeature = $true
        }  

        xADDomain SetupDomain {
            DomainName= $DomainName
            DomainAdministratorCredential= $DomainAdminCred
            SafemodeAdministratorPassword= $DomainAdminCred
            DependsOn='[WindowsFeature]RSATTools'
        }
    #End Configuration Block    
    } 
}

当我在本地运行 DSC 脚本时,要成功为此 DSC 脚本生成 MOF 文件,我需要为 ConfigurationData 传递一个哈希表,如下所示:

$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = '*'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ...

我现在的问题是,我想ConfigurationData通过我首先展示的 ARM 模板传递这种类型。甚至可能吗?如果不是,那么我应该如何设置 VM 扩展执行的 DSC 脚本的 ConfigurationData?

谢谢!

4

2 回答 2

3

要将配置数据传递给 DSC 扩展,您需要将其保存到 *.psd1 文件中,例如:

    C:\ PS> Get-Content C:\ConfigurationData.ps1
     @{
        AllNodes = @(
            @{
                NodeName                    = '*'
                PSDscAllowPlainTextPassword = $true
            }
        )
    }

然后将此文件上传到可从您的 VM 访问的位置,并在模板的受保护设置中传递 URI:

    "protectedSettings": {
        "DataBlobUri": "https://.../ConfigurationData.psd1"
    }

与您的原始问题无关的两个建议:

  • DSC 扩展 1.7 版可能会在某些 ARM 部署期间产生间歇性错误。我建议看看2.0 版

  • 您可能想要加密密码而不是使用 PSDscAllowPlainTextPassword。DSC 扩展使用 Azure 已部署到 VM 的加密证书,因此设置加密非常简单。更多信息在这里

于 2015-07-06T21:57:47.137 回答
1

这已随较新版本发生变化,请参阅文档

简而言之,现在 psd1 必须与受保护设置部分下的其余配置元素和 SAS 令牌位于同一级别。

"settings": {
  "configurationData": {
    "url": "https://foo.psd1"
  } 
},
"protectedSettings": {
  "configurationDataUrlSasToken": "?dataAcC355T0k3N"
}
于 2017-10-17T10:40:03.220 回答