我有以下脚本,这是我用来部署 vnet 的脚本的一部分。但是它无法创建 vnet,知道我哪里可能出错了吗?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"client": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "Client name - max 3 chars"
}
},
"environment": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "Environment name - max 3 chars"
}
},
"businessUnit": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "Business Unit name - max 3 chars"
}
},
"appName": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "App name - max 3 chars"
}
},
"addressPrefix": {
"type": "string",
"metadata": {
"description": "The address space in CIDR notation for the new virtual network."
}
},
"subnetName1": {
"type": "string",
"metadata": {
"description": "The name of the first subnet in the new virtual network."
}
},
"subnetName2": {
"type": "string",
"metadata": {
"description": "The name of the first subnet in the new virtual network."
}
},
"gatewaySubnet": {
"type": "string",
"defaultValue": "GatewaySubnet",
"allowedValues": [
"GatewaySubnet"
],
"metadata": {
"description": "The name of the subnet where Gateway is to be deployed. This must always be named GatewaySubnet."
}
},
"subnetPrefix1": {
"type": "string",
"metadata": {
"description": "The address range in CIDR notation for the first subnet."
}
},
"subnetPrefix2": {
"type": "string",
"metadata": {
"description": "The address range in CIDR notation for the first subnet."
}
},
"gatewaySubnetPrefix": {
"type": "string",
"metadata": {
"description": "The address range in CIDR notation for the Gateway subnet. For ExpressRoute enabled Gateways, this must be minimum of /28."
}
},
"dnsServerAddress": {
"type": "array",
"metadata": {
"Description": "The DNS address(es) of the DNS Server(s) used by the VNET"
}
},
"dnsServerAddressUpdateDns": {
"type": "array",
"metadata": {
"Description": "The DNS address(es) of the DNS Server(s) used by the VNET"
}
},
"vpnClientAddressPoolPrefix": {
"type": "string",
"metadata": {
"description": "The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network."
}
},
"vmMfaName1privateIPAddress": {
"type": "string",
"metadata": {
"description": "The IP address of the MFA server."
}
},
"vmMfaName2privateIPAddress": {
"type": "string",
"metadata": {
"description": "The IP address of the MFA server."
}
},
"vmMfaLbIpAddress1": {
"type": "string",
"metadata": {
"description": "The IP address of the RADIUS server."
}
},
"radiusServerSecret": {
"type": "string",
"metadata": {
"description": "The secret of the RADIUS server."
}
},
"omsWorkSpaceResourceGroup": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Workspace Resource Group"
}
},
"omsWorkSpaceName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Workspace Resource Name"
}
},
"omsWorkspaceStorageAccount": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Storage Account of OMS Workspace"
}
}
},
"variables": {
"apiVersion": "2015-06-15",
"vnetApiVersion": "2017-10-01",
"virtualNetworkPeeringApiVersion": "2017-10-01",
"routeTableApiVersion": "2017-10-01",
"locksApiVersion": "2017-04-01",
"virtualNetworkName": "[tolower(concat('vnet-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName')))]",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('gatewaySubnet'))]",
"virtualNetworkGatewayName": "[tolower(concat('vng-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName')))]",
"gatewaySku": "vpngw1",
"gatewayPublicIPName": "[tolower(concat('pip-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName')))]",
"vpnClientProtocols": "IkeV2",
"subnetName1": "[tolower(concat('sub-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName'), '-', parameters('subnetName1')))]",
"routeTable1": "[tolower(concat('udr-', variables('subnetName1')))]",
"networkSecurityGroup1": "[tolower(concat('nsg-', variables('subnetName1')))]",
"subnetName2": "[tolower(concat('sub-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName'), '-', parameters('subnetName2')))]",
"routeTable2": "[tolower(concat('udr-', variables('subnetName2')))]",
"networkSecurityGroup2": "[tolower(concat('nsg-', variables('subnetName2')))]"
},
"resources": [
{
"name": "[variables('routeTable1')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('routeTableApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"routes": [
],
"disableBgpRoutePropagation": false
}
},
{
"name": "[variables('routeTable2')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('routeTableApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"routes": [
],
"disableBgpRoutePropagation": false
}
},
{
"name": "[variables('networkSecurityGroup1')]",
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/networkSecurityGroups",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable1'))]"
],
"properties": {
"securityRules": [
{
"name": "AllowInboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "[parameters('addressPrefix')]",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "*"
}
},
{
"name": "AllowInboundHttpsMfaServer1",
"properties": {
"priority": 101,
"protocol": "Tcp",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('vmMfaName1privateIPAddress')]",
"destinationPortRange": "443"
}
},
{
"name": "AllowInboundHttpsMfaServer2",
"properties": {
"priority": 102,
"protocol": "Tcp",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('vmMfaName2privateIPAddress')]",
"destinationPortRange": "443"
}
},
{
"name": "AllowOutboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Outbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('addressPrefix')]",
"destinationPortRange": "*"
}
}
]
}
},
{
"type": "microsoft.network/networksecuritygroups/providers/diagnosticSettings",
"name": "[concat(variables('networkSecurityGroup1'), '/Microsoft.Insights/service')]",
"dependsOn": [
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "service",
"storageAccountId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.Storage/storageAccounts/', parameters('omsWorkspaceStorageAccount'))]",
"workspaceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkSpaceName'))]",
"logs": [
{
"category": "NetworkSecurityGroupEvent",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
},
{
"category": "NetworkSecurityGroupRuleCounter",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
}
]
}
},
{
"name": "[variables('networkSecurityGroup2')]",
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/networkSecurityGroups",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable2'))]"
],
"properties": {
"securityRules": [
{
"name": "AllowInboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "[parameters('addressPrefix')]",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "*"
}
},
{
"name": "AllowOutboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Outbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('addressPrefix')]",
"destinationPortRange": "*"
}
}
]
}
},
{
"type": "microsoft.network/networksecuritygroups/providers/diagnosticSettings",
"name": "[concat(variables('networkSecurityGroup2'), '/Microsoft.Insights/service')]",
"dependsOn": [
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup2'))]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "service",
"storageAccountId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.Storage/storageAccounts/', parameters('omsWorkspaceStorageAccount'))]",
"workspaceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkSpaceName'))]",
"logs": [
{
"category": "NetworkSecurityGroupEvent",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
},
{
"category": "NetworkSecurityGroupRuleCounter",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
}
]
}
},
{
"name": "[variables('virtualNetworkName')]",
"apiVersion": "[variables('vnetApiVersion')]",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable1'))]",
"[concat('Microsoft.Network/routeTables/', variables('routeTable2'))]",
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]",
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup2'))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": "[parameters('dnsServerAddress')]"
},
"subnets": [
{
"name": "[variables('subnetName1')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix1')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroup1'))]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTable1'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[resourceGroup().location]"
]
},
{
"service": "Microsoft.Sql",
"locations": [
"[resourceGroup().location]"
]
}
]
}
},
{
"name": "[variables('subnetName2')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix2')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroup2'))]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTable2'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[resourceGroup().location]"
]
},
{
"service": "Microsoft.Sql",
"locations": [
"[resourceGroup().location]"
]
}
]
}
},
{
"name": "[parameters('gatewaySubnet')]",
"properties": {
"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
},
"resources": [
{
"name": "[concat(variables('virtualNetworkName'), '/Microsoft.Authorization/', variables('virtualNetworkName'), '-LockDoNotDelete')]",
"type": "Microsoft.Network/virtualNetworks/providers/locks",
"apiVersion": "[variables('locksApiVersion')]",
"dependsOn": [
"[variables('virtualNetworkName')]"
],
"properties": {
"level": "CanNotDelete",
"notes": "Resource Lock - Do Not Delete!",
"owners": [
]
}
}
]
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('gatewayPublicIPName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworkGateways",
"name": "[variables('virtualNetworkGatewayName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('gatewayPublicIPName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('gatewaySubnetRef')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('gatewayPublicIPName'))]"
}
},
"name": "vnetGatewayConfig"
}
],
"sku": {
"name": "[variables('gatewaySku')]",
"tier": "[variables('gatewaySku')]"
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": "false",
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"[parameters('vpnClientAddressPoolPrefix')]"
]
},
"vpnClientProtocols": [
"[variables('vpnClientProtocols')]"
],
"radiusServerAddress": "[parameters('vmMfaLbIpAddress1')]",
"radiusServerSecret": "[parameters('radiusServerSecret')]"
}
}
}
]
}
这用于在将 vm 部署到它之前创建一个 vnet 和子网。
我看不出哪里出错了,我很困惑..任何帮助将不胜感激谢谢
