
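I am trying to create a DeployIfNotExists policy that will automatically enroll virtual machines in backup, with the backups going to a Recovery Services vault in a resource group named after the location. The policy code seems like it should work. Here it is...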

{
  "properties": {
    "displayName": "Virtual Machine OS Backup",
    "policyType": "Custom",
    "mode": "All",
    "metadata": {
      "category": "Compute"
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.RecoveryServices/backupprotecteditems",
          "existenceCondition": {
            "allOf": [
              {
                "field": "name",
                "like": "*"
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "parameters": {
                "VMName": {
                  "value": "[field('name')]"
                },
                "VMRG": {
                  "value": "[resourcegroup().name]"
                },
                "VMLocation": {
                  "value": "[field('location')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
                "contentVersion": "1.0.0.1",
                "parameters": {
                  "VMName": {
                    "type": "string"
                  },
                  "VMRG": {
                    "type": "string"
                  },
                  "VMLocation": {
                    "type": "string"
                  }
                },
                "variables": {
                  "BackupVaultRGName": "[concat('RGP-BACKUPS-', toUpper(parameters('VMLocation')))]",
                  "BackupVaultName": "[concat('rsv-backups-',toLower(parameters('VMLocation')))]",
                  "BackupPolicyName": "DefaultPolicy",
                  "BackupIntentConcat": "[concat('/Azure/vm;iaasvmcontainerv2;',parameters('VMRG'),';',parameters('VMName'))]"
                },
                "resources": [
                  {
                    "type": "Microsoft.Resources/resourceGroups",
                    "apiVersion": "2018-05-01",
                    "location": "[parameters('VMLocation')]",
                    "name": "[variables('BackupVaultRGName')]",
                    "properties": {},
                    "resources": [
                      {
                        "apiVersion": "2018-05-01",
                        "name": "[concat(parameters('VMName'), '-' , 'BackupIntent')]",
                        "type": "Microsoft.Resources/deployments",
                        "resourceGroup": "[variables('BackupVaultRGName')]",
                        "dependsOn": [
                          "[resourceId('Microsoft.Resources/resourceGroups', variables('BackupVaultRGName'))]"
                        ],
                        "properties": {
                          "mode": "Incremental",
                          "template": {
                            "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                            "contentVersion": "1.0.0.0",
                            "resources": [
                              {
                                "name": "[concat(variables('BackupVaultName'),variables('BackupIntentConcat'))]",
                                "apiVersion": "2017-07-01",
                                "type": "Microsoft.RecoveryServices/vaults/backupFabrics/backupProtectionIntent",
                                "properties": {
                                  "protectionIntentItemType": "AzureResourceItem",
                                  "policyId": "[resourceId(variables('BackupVaultRGName'),'Microsoft.RecoveryServices/vaults/backuppolicies', variables('BackupVaultName'), variables('BackupPolicyName'))]",
                                  "sourceResourceId": "[resourceId(parameters('VMRG'),'Microsoft.Compute/virtualMachines', parameters('VMName'))]"
                                },
                                "dependsOn": [
                                  "[resourceId(variables('BackupVaultRGName'),variables('BackupVaultRGName'),'Microsoft.RecoveryServices/vaults', variables('BackupVaultName'))]"
                                ]
                              },
                              {
                                "type": "Microsoft.RecoveryServices/vaults",
                                "apiVersion": "2018-01-10",
                                "name": "[variables('BackupVaultName')]",
                                "location": "[parameters('VMLocation')]",
                                "sku": {
                                  "name": "RS0",
                                  "tier": "Standard"
                                },
                                "properties": {}
                              }
                            ]
                          }
                        }
                      }
                    ]
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/policyDefinitions/b99xxxxx-e44f-469f-b874-585a7b10eb58",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b99xxxxx-e44f-469f-b874-585a7b10eb58"
}

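The error I get is below.

The policy with definition '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/policyDefinitions/b99xxxxx-e44f-469f-b874-585a7b10eb58/' and assignment '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/policyAssignments/edxxxxx576044ecdaf510972/' could not be evaluated. The policy evaluation exceeded the max allowed time.

I am currently on the second iteration of the development process. The first was to get this policy working when the resource group and Recovery Services vault already exist, which worked fine. My current iteration is to deploy the resource group and Recovery Services vault (if they don't exist) and then enroll the VM in the backup policy. This requires some context switching in nested deployments, and perhaps I fat-fingered something somewhere.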


1 Answer


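First, I think there is an unnecessary "allOf" when you are only using one condition. I also would not do so much nesting in the deployment section.

Your error is described here: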

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#avoiding-template-failures

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects#deployifnotexists-evaluation

What do you think about reusing this: https://github.com/Azure/azure-quickstart-templates/blob/master/101-recovery-services-backup-vms/azuredeploy.json

Answered 2019-10-24T18:10:42.443
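
An added example, not part of the question or the answer: a small Python check for the two points the answer raises, `allOf`/`anyOf` arrays that wrap a single condition and the depth of nested `Microsoft.Resources/deployments` inside a deployIfNotExists template. The sample rule is constructed and trimmed to the shape of the policy in the question; the function names are hypothetical.

```python
import json

# Constructed sample: trimmed to the shape of the policy rule in the question.
SAMPLE_RULE = json.loads("""
{
  "if": {"allOf": [{"field": "type", "equals": "Microsoft.Compute/virtualMachines"}]},
  "then": {"effect": "deployIfNotExists", "details": {
    "existenceCondition": {"allOf": [{"field": "name", "like": "*"}]},
    "deployment": {"properties": {"template": {"resources": [
      {"type": "Microsoft.Resources/resourceGroups", "resources": [
        {"type": "Microsoft.Resources/deployments", "properties": {"template": {"resources": [
          {"type": "Microsoft.RecoveryServices/vaults"}]}}}
      ]}
    ]}}}
  }}
}
""")

def single_condition_operators(node, path="policyRule"):
    """Paths of allOf/anyOf arrays that wrap exactly one condition (hypothetical helper)."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in ("allOf", "anyOf") and isinstance(value, list) and len(value) == 1:
                found.append(child)
            found.extend(single_condition_operators(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(single_condition_operators(item, f"{path}[{i}]"))
    return found

def deployment_depth(template):
    """Deepest chain of Microsoft.Resources/deployments nested inside a template."""
    deepest = 0
    for res in template.get("resources", []):
        if res.get("type", "").lower() == "microsoft.resources/deployments":
            depth = 1 + deployment_depth(res.get("properties", {}).get("template", {}))
        else:
            depth = deployment_depth(res)  # child resources declared inline
        deepest = max(deepest, depth)
    return deepest

def lint(rule):
    # Report both findings for one deployIfNotExists policy rule.
    template = rule["then"]["details"]["deployment"]["properties"]["template"]
    return {"single_condition": single_condition_operators(rule),
            "nested_deployments": deployment_depth(template)}

if __name__ == "__main__":
    print(json.dumps(lint(SAMPLE_RULE), indent=2))
```
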