我正在尝试创建一个 DeployIfNotExist 策略,该策略将自动在备份中注册虚拟机,这些备份将转到名为资源组的位置中的恢复服务保管库。政策代码似乎应该可以工作。这是它的...
{
"properties": {
"displayName": "Virtual Machine OS Backup",
"policyType": "Custom",
"mode": "All",
"metadata": {
"category": "Compute"
},
"parameters": {},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.RecoveryServices/backupprotecteditems",
"existenceCondition": {
"allOf": [
{
"field": "name",
"like": "*"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"VMName": {
"value": "[field('name')]"
},
"VMRG": {
"value": "[resourcegroup().name]"
},
"VMLocation": {
"value": "[field('location')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"VMName": {
"type": "string"
},
"VMRG": {
"type": "string"
},
"VMLocation": {
"type": "string"
}
},
"variables": {
"BackupVaultRGName": "[concat('RGP-BACKUPS-', toUpper(parameters('VMLocation')))]",
"BackupVaultName": "[concat('rsv-backups-',toLower(parameters('VMLocation')))]",
"BackupPolicyName": "DefaultPolicy",
"BackupIntentConcat": "[concat('/Azure/vm;iaasvmcontainerv2;',parameters('VMRG'),';',parameters('VMName'))]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"location": "[parameters('VMLocation')]",
"name": "[variables('BackupVaultRGName')]",
"properties": {},
"resources": [
{
"apiVersion": "2018-05-01",
"name": "[concat(parameters('VMName'), '-' , 'BackupIntent')]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[variables('BackupVaultRGName')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('BackupVaultRGName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "[concat(variables('BackupVaultName'),variables('BackupIntentConcat'))]",
"apiVersion": "2017-07-01",
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/backupProtectionIntent",
"properties": {
"protectionIntentItemType": "AzureResourceItem",
"policyId": "[resourceId(variables('BackupVaultRGName'),'Microsoft.RecoveryServices/vaults/backuppolicies', variables('BackupVaultName'), variables('BackupPolicyName'))]",
"sourceResourceId": "[resourceId(parameters('VMRG'),'Microsoft.Compute/virtualMachines', parameters('VMName'))]"
},
"dependsOn": [
"[resourceId(variables('BackupVaultRGName'),variables('BackupVaultRGName'),'Microsoft.RecoveryServices/vaults', variables('BackupVaultName'))]"
]
},
{
"type": "Microsoft.RecoveryServices/vaults",
"apiVersion": "2018-01-10",
"name": "[variables('BackupVaultName')]",
"location": "[parameters('VMLocation')]",
"sku": {
"name": "RS0",
"tier": "Standard"
},
"properties": {}
}
]
}
}
}
]
}
]
}
}
}
}
}
}
},
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/policyDefinitions/b99xxxxx-e44f-469f-b874-585a7b10eb58",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "b99xxxxx-e44f-469f-b874-585a7b10eb58"
}
我得到的错误如下。
无法评估具有定义“/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/policyDefinitions/b99xxxxx-e44f-469f-b874-585a7b10eb58/”和分配“/subscriptions/xxxxxxxx-xxxx-xxxx”的策略-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/policyAssignments/edxxxxx576044ecdaf510972/'。策略评估超过了最大允许时间。
我目前处于开发过程的第二次迭代。第一个是在资源组和恢复服务保管库已经存在的情况下使该策略起作用,这很好用。我当前的迭代是部署资源组和恢复服务保管库(如果它们不存在),然后将 VM 注册到备份策略中。这需要在嵌套部署中进行一些上下文切换,也许我在某个地方敲了一些东西。