Azure ARM - DSC VM configuration
Posted: 2020-09-01 00:21:29

Question:
I want to use an ARM template and DSC to configure my virtual machine. I prepared a simple DSC script in PowerShell, and based on it I created a .zip file using a PowerShell command. The mentioned .zip file is uploaded to a storage account container. Now I want to use this .zip file to make configuration changes on my test virtual machine; my ARM template is below. I am getting this error message:

New-AzResourceGroupDeployment : 10:12:09 AM - VM has reported a failure when processing extension 'dscExtension'. Error message: "The DSC Extension failed to execute: Error downloading
https://storageAccountName.blob.core.windows.net/containerName/test.zip after 2 attempts: <?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource
does not exist.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "List of virtual machines to be reconfigured, if using multiple VMs, make their names comma separate. E.g. VM01, VM02, VM03."
      },
      "defaultValue": "VM1,VM2"
    },
    "Location": {
      "type": "string",
      "metadata": {
        "description": "Location of the VM"
      },
      "defaultvalue": "WestEurope"
    },
    "functionName": {
      "type": "string",
      "metadata": {
        "description": "Specify the function name"
      },
      "defaultvalue": "test.ps1\\testConfigurationName"
    },
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "Specify the Storage Account name, Storage Account where DCS .zip module is located"
      }
    },
    "setupScriptContainerName": {
      "type": "string",
      "metadata": {
        "description": "Specify the Storage Account container name, container where DCS .zip module is located"
      }
    },
    "DSCSetupArchiveFileName": {
      "type": "string",
      "metadata": {
        "description": "Specify the Storage Account container name, container where DCS .zip module is located"
      },
      "defaultvalue": "test.zip"
    },
    "nodeConfigurationName": {
      "type": "string",
      "metadata": {
        "description": "The name of the node configuration, on the Azure Automation DSC pull server, that this node will be configured as"
      },
      "defaultValue": "testConfigurationName.localhost"
    },
    "registrationKey": {
      "type": "securestring",
      "metadata": {
        "description": "Registration key to use to onboard to the Azure Automation DSC pull/reporting server"
      },
      "defaultValue": "AutomationAccountPrimaryKey"
    },
    "registrationUrl": {
      "type": "string",
      "metadata": {
        "description": "Registration url of the Azure Automation DSC pull/reporting server"
      },
      "defaultValue": "AutomationAccountRegistrationURL"
    }
  },
  "variables": {
    "vmListArray": "[split(parameters('vmName'),',')]"
  },
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2015-06-15",
      "name": "[concat(trim(variables('vmListArray')[copyIndex()]),'/dscExtension')]",
      "copy": {
        "name": "ExtentionLooptoAllVMs",
        "count": "[length(variables('vmListArray'))]"
      },
      "location": "[parameters('Location')]",
      "properties": {
        "autoUpgradeMinorVersion": true,
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "2.19",
        "protectedSettings": {
          "Items": {
            "registrationKeyPrivate": "[parameters('registrationKey')]"
          }
        },
        "settings": {
          "ModulesUrl": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net/',parameters('setupScriptContainerName'),'/',parameters('DSCSetupArchiveFileName'))]",
          "ConfigurationFunction": "[parameters('functionName')]",
          "Properties": [
            {
              "Name": "RegistrationKey",
              "Value": {
                "UserName": "PLACEHOLDER_DONOTUSE",
                "Password": "PrivateSettingsRef:registrationKeyPrivate"
              },
              "TypeName": "System.Management.Automation.PSCredential"
            },
            {
              "Name": "RegistrationUrl",
              "Value": "[parameters('registrationUrl')]",
              "TypeName": "System.String"
            },
            {
              "Name": "NodeConfigurationName",
              "Value": "[parameters('nodeConfigurationName')]",
              "TypeName": "System.String"
            }
          ]
        }
      }
    }
  ]
}

Updated version:

"resources": [
  {
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "apiVersion": "2018-10-01",
    "name": "[concat(trim(variables('vmListArray')[copyIndex()]),'/dscExtension')]",
    "copy": {
      "name": "ExtentionLooptoAllVMs",
      "count": "[length(variables('vmListArray'))]"
    },
    "location": "[parameters('Location')]",
    "properties": {
      "autoUpgradeMinorVersion": true,
      "publisher": "Microsoft.Powershell",
      "type": "DSC",
      "typeHandlerVersion": "2.9",
      "protectedSettings": {
        "Items": {
          "registrationKeyPrivate": "[parameters('registrationKey')]"
        }
      },
      "settings": {
        "configuration": {
          "url": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net/',parameters('setupScriptContainerName'),'/',parameters('DSCSetupArchiveFileName'))]",
          "script": "[parameters('scriptName')]",
          "function": "[parameters('functionName')]"
        },
        "Properties": [
          {
            "Name": "RegistrationKey",
            "Value": {
              "UserName": "PLACEHOLDER_DONOTUSE",
              "Password": "PrivateSettingsRef:registrationKeyPrivate"
            },
            "TypeName": "System.Management.Automation.PSCredential"
          },
          {
            "Name": "RegistrationUrl",
            "Value": "[parameters('registrationUrl')]",
            "TypeName": "System.String"
          },
          {
            "Name": "NodeConfigurationName",
            "Value": "[parameters('nodeConfigurationName')]",
            "TypeName": "System.String"
          },
          {
            "Name": "ConfigurationMode",
            "Value": "[parameters('configurationMode')]",
            "TypeName": "System.String"
          },
          {
            "Name": "ConfigurationModeFrequencyMins",
            "Value": "[parameters('configurationModeFrequencyMins')]",
            "TypeName": "System.Int32"
          },
          {
            "Name": "RefreshFrequencyMins",
            "Value": "[parameters('refreshFrequencyMins')]",
            "TypeName": "System.Int32"
          },
          {
            "Name": "RebootNodeIfNeeded",
            "Value": "[parameters('rebootNodeIfNeeded')]",
            "TypeName": "System.Boolean"
          },
          {
            "Name": "ActionAfterReboot",
            "Value": "[parameters('actionAfterReboot')]",
            "TypeName": "System.String"
          },
          {
            "Name": "AllowModuleOverwrite",
            "Value": "[parameters('allowModuleOverwrite')]",
            "TypeName": "System.Boolean"
          }
        ]
      }
    }
  }
]

DSC part:

Configuration SetRegistryxxx {
    Node 'localhost' {
        # First registry value (names redacted by the poster)
        Registry configxxx {
            Ensure = "Present"
            Key = "HKLM:\xx"
            ValueName = "xx"
            ValueData = "http://0.0.0.0:xxx"
            ValueType = "String"
        }
        # Second registry value (names redacted by the poster)
        Registry configxxx {
            Ensure = "Present"
            Key = "HKLM:\xx"
            ValueName = "xx"
            ValueData = "http://0.0.0.0:xx"
            ValueType = "String"
        }
    }
}

Answer 1:
According to the error, you cannot download the zip file from the Azure blob storage account you are using. Please create a SAS token for the blob or set the blob access level to Public.

For example:

"resources": [
  {
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(parameters('vmName'),'/Microsoft.Powershell.DSC')]",
    "apiVersion": "2015-06-15",
    "location": "[parameters('location')]",
    "properties": {
      "publisher": "Microsoft.Powershell",
      "type": "DSC",
      "typeHandlerVersion": "2.19",
      "autoUpgradeMinorVersion": true,
      "protectedSettings": {
        "Items": {
          "registrationKeyPrivate": "[parameters('registrationKey')]"
        }
      },
      "settings": {
        "ModulesUrl": "<the url of you azure blob>",
        "SasToken": "<the sas token for the blob>",
        "ConfigurationFunction": "[parameters('configurationFunction')]",
        ...
      }
    }
  }
]

For more details, please refer to the document and template.
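
An added example, not part of the original answer: one way to take the SAS route while keeping the container private is to issue a read-only, HTTPS-only, one-hour token scoped to the single DSC archive and test the resulting URL before deploying. The resource group name, the template path and the `dscSasToken` template parameter are assumptions; the storage account, container and blob names are the ones shown in the question's error message.

```powershell
# Added example. Assumed names: rg-example, .\dsc-extension.json, dscSasToken.
$ResourceGroup  = 'rg-example'
$StorageAccount = 'storageAccountName'   # as in the question's error message
$Container      = 'containerName'
$Blob           = 'test.zip'
$TemplateFile   = '.\dsc-extension.json'

$ctx = (Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount).Context

# Fail early if the archive is not in the container under exactly this name.
$null = Get-AzStorageBlob -Container $Container -Blob $Blob -Context $ctx -ErrorAction Stop

# Read-only SAS for this one blob, HTTPS only, valid for one hour.
$now = (Get-Date).ToUniversalTime()
$sas = New-AzStorageBlobSASToken -Container $Container -Blob $Blob -Context $ctx `
    -Permission r -Protocol HttpsOnly `
    -StartTime $now.AddMinutes(-5) -ExpiryTime $now.AddHours(1)

# Az.Storage versions differ on whether the token starts with '?'; normalise it.
if (-not $sas.StartsWith('?')) { $sas = "?$sas" }

# Pre-flight: the URL plus token must be readable with no other credentials.
# Invoke-WebRequest throws on a 4xx/5xx response, which stops the script here.
$url = "https://$StorageAccount.blob.core.windows.net/$Container/$Blob"
$null = Invoke-WebRequest -Uri "$url$sas" -Method Head -UseBasicParsing -ErrorAction Stop

# Pass the token into the deployment. The template must declare dscSasToken
# itself (assumed here to be a securestring parameter) and map it to the
# extension's SAS token setting.
New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup `
    -TemplateFile $TemplateFile `
    -TemplateParameterObject @{
        storageAccountName       = $StorageAccount
        setupScriptContainerName = $Container
        DSCSetupArchiveFileName  = $Blob
        dscSasToken              = $sas
    }
```
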
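Comments:

Hi Jim, in fact my blob is private, and I use a SAS token generated in the portal; I added the SAS token property to the ARM template. I also tried using the old-style archive file format - reg-dsc-config.ps1.zip, but I still get the same error message I mentioned before. I have no idea what is wrong now. I checked this ARM template, and the structure is almost the same as the link you pasted - "template". I used all properties except "timestamp". In "ModulesUrl": I am using the standard https:// link format, not the blob SAS URL link style.

I also tried this - in the "ModulesUrl" field I pasted the blob SAS URL, and as a result I received a different error message: "message": "VM has reported a failure when processing extension 'dscExtension'. Error message: \"The DSC Extension received an incorrect input: A parameter cannot be found that matches parameter name 'NodeConfigurationName'.\r\n\r\nAnother common error is to specify parameters of type PSCredential without an explicit type.

@tester81 Regarding this issue, please refer to github.com/MicrosoftDocs/azure-docs/issues/24784

Hi Jim, I completely rebuilt my ARM template. I pasted the resources section into my code section as "Updated version". The ARM template completes without any errors, ARM installs the DSC extension on the VM, and ARM adds the node to the AutomationAccount\DSC\Nodes section. The problem is that nothing changes on the VM; my DSC/ps1 script in .zip format does not make any modifications to the VM.
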
@tester81 Please check whether you created the correct zip file: docs.microsoft.com/en-us/azure/virtual-machines/extensions/…. Also, you can check your logs. The log location is C:\WindowsAzure\Logs\Plugins\Extension_Name\Extension_Version. For more details, please refer to docs.microsoft.com/en-us/azure/virtual-machines/extensions/…