I have an Azure ARM template that creates a SQL Server and a VM. Both reference KeyVault to get the admin password:

"resources": [
    {
      "type": "Microsoft.Sql/servers",
      "kind": "v12.0",
      "name": "[variables('vSqlServerName')]",
      "tags": {
        "Environment": "[parameters('pEnvironment')]",
        "DisplayName": "SQL Server",
        "UDID": "SQLServer" // Unique Deployment ID (for later reference) 
      },
      "apiVersion": "[variables('vSqlAPIVersion')]",
      "location":  "[resourceGroup().location]",
      "properties": {
        "administratorLogin": "[variables('vSqlAdminUser')]",
        "administratorLoginPassword": {
          "reference": {
            "keyVault": {
              "id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
            },
            "secretName": "SQLDW-AdminPassword"
          }
        },
        "version": "12.0"
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "name": "[concat(variables('vSqlVMName'), variables('vSuffixVM'))]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "Standard_DS5_v2"
        },
        "osProfile": {
          "computerName": "[variables('vSqlVMName')]",
          "adminUsername": "[variables('vWinAdminUser')]",
          "windowsConfiguration": {
            "provisionVMAgent": true,
            "enableAutomaticUpdates": true
          },
          "secrets": [],
          "adminPassword": {
            "reference": {
              "keyVault": {
                "id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
              },
              "secretName": "VM-LocalAdminPassword"
            }
          }
        }
      }
    }
]

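This works for SQL but not for the VM. The error I get is:

{
11:16:27 - [ERROR] "target": "vm.properties.osProfile.adminPassword",
11:16:27 - [ERROR] "message": "Unexpected character encountered while parsing value: {.
11:16:27 - [ERROR] Path 'properties.osProfile.adminPassword', line 1, position 785."
11:16:27 - [ERROR] },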

1 Answer

You definitely cannot use a Key Vault reference with a VM directly in the template, so you have to use a parameters file for that.

So, in your parameters file you would have:

...
"adminPassword": {
    "reference": {
        "keyVault": {
            "id": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.KeyVault/vaults/{}"
        },
        "secretName": "secretName"
    }
},
...

And in the template:

"osProfile": {
  "computerName": "[variables('vSqlVMName')]",
  "adminUsername": "[variables('vWinAdminUser')]",
  "windowsConfiguration": {
    "provisionVMAgent": true,
    "enableAutomaticUpdates": true
  },
  "secrets": [],
  "adminPassword": "[parameters('adminPassword')]"
}

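You can either use a parameters file to supply parameters to the deployment, or you can convert the VM deployment into a nested template deployment, so that you can pass the parameters directly from the parent template without a parameters file.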

Refer to this example. It doesn't deal with VMs, but the idea is the same.

Answered on 2017-03-16T12:04:02.113
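
A sketch of the nested-deployment option mentioned in the answer, added here as an illustration and not part of the original answer: the parent template passes the Key Vault reference as a parameter of a `Microsoft.Resources/deployments` resource, so the password never appears in the template or in a parameters file. The deployment name `vmDeployment`, the `vmTemplateUri` parameter and the `<key-vault-name>` placeholder are assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Assumed parameter: URI of the linked template that contains the VM resource
    "vmTemplateUri": { "type": "string" }
  },
  "variables": {
    // Placeholder: replace with the name of the vault in this resource group
    "vKeyVaultName": "<key-vault-name>"
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2015-01-01",
      "name": "vmDeployment",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[parameters('vmTemplateUri')]"
        },
        "parameters": {
          // The reference object is allowed here because this is a deployment
          // parameter value, not a resource property such as osProfile.adminPassword
          "adminPassword": {
            "reference": {
              "keyVault": {
                "id": "[concat(resourceGroup().id, '/providers/Microsoft.KeyVault/vaults/', variables('vKeyVaultName'))]"
              },
              "secretName": "VM-LocalAdminPassword"
            }
          }
        }
      }
    }
  ]
}
```

The linked template should declare `adminPassword` as a `securestring` parameter and use it as shown in the answer (`"[parameters('adminPassword')]"`), and the vault must have `enabledForTemplateDeployment` set to `true` for Resource Manager to read the secret.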