1

我正在使用下面的 ARM 模板来创建应用程序网关。当我第一次部署它时,一切正常。当我重新部署它(作为同一环境中持续部署的一部分)时,它失败了,我看到之前存在的侦听器被删除,并且 SSL 证书也被删除。

是否有任何选项我可以根据标准更新 ARM 模板中存在的子资源,例如如果 SSL 证书已经存在,则不更新侦听器。我正在更新一些属性,例如在创建应用程序网关后创建规则和探测,而不是使用 ARM 模板。

ARM 模板供参考-

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "applicationgateway_platform": {
            "defaultValue": "",
            "type": "String",
            "maxLength": 6
        },
        "applicationgateway_location_shortname": {
            "defaultValue": "",
            "type": "String",
            "maxLength": 3
        },
        "applicationgateway_project": {
            "defaultValue": "",
            "type": "String",
            "maxLength": 6
        },
        "applicationgateway_environment": {
            "defaultValue": "",
            "type": "String",
            "maxLength": 7
        },
        "applicationgateway_uniqueid": {
            "defaultValue": "1",
            "type": "String",
            "maxLength": "1"
        },
        "vnetName": {
            "type": "string",
            "metadata": {
                "description": "Name of the Virtual Network"
            }
        },
        "subnetName": {
            "type": "string",
            "metadata": {
                "description": "Name of subnet"
            }
        },
        "vnetResourceGroup": {
            "type": "string",
            "defaultValue": "[resourceGroup().name]",
            "metadata": {
                "description": "Name of Resource group where Vnet and subnet resides"
            }
        },
        "applicationGatewayTier": {
            "type": "string",
            "allowedValues": [
                "Standard_v2",
                "WAF_v2"
            ],
            "defaultValue": "WAF_v2",
            "metadata": {
                "description": "application gateway tier"
            }
        },
        "frontendPort": {
            "type": "int",
            "defaultValue": 80,
            "metadata": {
                "description": "application gateway front end port"
            }
        },
        "secureFrontendPort": {
            "type": "int",
            "defaultValue": 443,
            "metadata": {
                "description": "application gateway secure front end port"
            }
        },
        "backendPort": {
            "type": "int",
            "defaultValue": 80,
            "metadata": {
                "description": "application gateway back end port"
            }
        },
        "applicationGatewayAutoScaleMinimumCapacity": {
            "type": "int",
            "defaultValue": 1,
            "metadata": {
                "description": "Minimum appgateway instance to be running always"
            }
        },
        "applicationGatewayAutoScaleMaximumCapacity": {
            "type": "int",
            "defaultValue": 10,
            "metadata": {
                "description": "Maximum appgateway instance that it can scale up."
            }
        }
    },
    "variables": {
        "basename": "[concat(parameters('applicationgateway_platform'), '-', parameters('applicationgateway_project'), '-', parameters('applicationgateway_location_shortname'), '-', parameters('applicationgateway_environment'))]",
        "applicationGatewayName": "[concat(variables('basename'), '-ag-', parameters('applicationgateway_uniqueid'))]",
        "publicIPAddressName": "[concat(variables('basename'),'-agip-',parameters('applicationgateway_uniqueid'))]",
        "subnetRef": "[concat(resourceId(parameters('vnetResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]",
        "publicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]",
        "webApplicationFirewallConfigurationProperties": {
            "enabled": true,
            "firewallMode": "Detection",
            "ruleSetType": "OWASP",
            "ruleSetVersion": "3.0"
        },
        "apiVersion": "2019-09-01"
    },
    "resources": [
        {
            "apiVersion": "[variables('apiVersion')]",
            "type": "Microsoft.Network/publicIPAddresses",
            "name": "[variables('publicIPAddressName')]",
            "location": "[resourceGroup().location]",
            "sku": {
                "name": "Standard"
            },
            "zones": [],
            "properties": {
                "publicIPAllocationMethod": "Static",
                "dnsSettings": {
                    "domainNameLabel": "[variables('applicationGatewayName')]"
                }
            }
        },
        {
            "apiVersion": "[variables('apiVersion')]",
            "name": "[variables('applicationGatewayName')]",
            "type": "Microsoft.Network/applicationGateways",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[variables('publicIPRef')]"
            ],
            "properties": {
                "sku": {
                    "name": "[parameters('applicationGatewayTier')]",
                    "tier": "[parameters('applicationGatewayTier')]"
                },
                "gatewayIPConfigurations": [
                    {
                        "name": "appGatewayIpConfig",
                        "properties": {
                            "subnet": {
                                "id": "[variables('subnetRef')]"
                            }
                        }
                    }
                ],
                "frontendIPConfigurations": [
                    {
                        "name": "appGatewayFrontendIP",
                        "properties": {
                            "PublicIPAddress": {
                                "id": "[variables('publicIPRef')]"
                            }
                        }
                    }
                ],
                "frontendPorts": [
                    {
                        "name": "appGatewayFrontendPort",
                        "properties": {
                            "Port": "[parameters('frontendPort')]"
                        }
                    },
                    {
                        "name": "appGatewaySecurePort",
                        "properties": {
                            "Port": "[parameters('secureFrontendPort')]"
                        }
                    }
                ],
                "backendAddressPools": [
                    {
                        "name": "appGatewayBackendPool",
                        "properties": {
                            "BackendAddresses": []
                        }
                    }
                ],
                "backendHttpSettingsCollection": [
                    {
                        "name": "appGatewayBackendHttpSettings",
                        "properties": {
                            "Port": "[parameters('backendPort')]",
                            "Protocol": "Http",
                            "CookieBasedAffinity": "disabled",
                            "requestTimeout": 20
                        }
                    }
                ],
                "httpListeners": [
                    {
                        "name": "appGatewayHttpListener",
                        "properties": {
                            "FrontendIpConfiguration": {
                                "Id": "[concat(resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName')), '/frontendIPConfigurations/appGatewayFrontendIP')]"
                            },
                            "FrontendPort": {
                                "Id": "[concat(resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName')), '/frontendPorts/appGatewayFrontendPort')]"
                            },
                            "Protocol": "Http",
                            "SslCertificate": null
                        }
                    }
                ],
                "requestRoutingRules": [
                    {
                        "Name": "basicRule",
                        "properties": {
                            "RuleType": "Basic",
                            "httpListener": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName')), '/httpListeners/appGatewayHttpListener')]"
                            },
                            "backendAddressPool": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName')), '/backendAddressPools/appGatewayBackendPool')]"
                            },
                            "backendHttpSettings": {
                                "id": "[concat(resourceId('Microsoft.Network/applicationGateways', variables('applicationGatewayName')), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
                            }
                        }
                    }
                ],
                "enableHttp2": false,
                "sslCertificates": [],
                "probes": [],
                "autoscaleConfiguration": {
                    "minCapacity": "[parameters('applicationGatewayAutoScaleMinimumCapacity')]",
                    "maxCapacity": "[parameters('applicationGatewayAutoScaleMaximumCapacity')]"
                },
                "webApplicationFirewallConfiguration": "[if(equals(toUpper(parameters('applicationGatewayTier')), 'WAF_V2'), variables('webApplicationFirewallConfigurationProperties'), json('null'))]"
            }
        }
    ]
}
4

1 回答 1

2

默认情况下,资源管理器部署使用增量模式。在增量模式下,资源管理器保留资源组中存在但未在模板中指定的未更改资源。

但是,以增量模式重新部署现有资源时,结果会有所不同。指定资源的所有属性,而不仅仅是您要更新的属性。一个常见的误解是认为未指定的属性保持不变。如果您未指定某些属性,资源管理器会将更新解释为覆盖这些值。

因此,如果您希望在重新部署模板时保持某些属性不变,您可以在模板中指定某些属性(HTTPS 侦听器、HTTPS 规则、SSL 证书)。是一个端到端 SSL 的快速入门模板,您可以参考它的应用程序网关。

更新 Azure 资源管理器模板中的资源,您可以点击链接了解更多详细信息。

首先,您必须在模板中引用一次资源以创建它,然后以相同的名称引用资源以稍后更新它。但是,如果模板中的两个资源具有相同的名称,则资源管理器会引发异常。若要避免此错误,请在第二个模板中指定更新的资源,该模板使用 Microsoft.Resources/deployments 资源类型链接或包含为子模板。

其次,您必须指定要更改的现有属性的名称或要在嵌套模板中添加的属性的新名称。您还必须指定原始属性及其原始值。如果您未能提供原始属性和值,资源管理器会假定您要创建新资源并删除原始资源。

于 2019-11-21T07:24:05.940 回答