Powershell Azure ARM模板部署中的DSC ConfigurationData参数
我正在使用Azure REST API部署一个资源组,并提供ARM模板。在虚拟机资源中,我有一个类型为Powershell Azure ARM模板部署中的DSC ConfigurationData参数,powershell,azure,azure-virtual-machine,dsc,azure-resource-manager,Powershell,Azure,Azure Virtual Machine,Dsc,Azure Resource Manager,我正在使用Azure REST API部署一个资源组,并提供ARM模板。在虚拟机资源中,我有一个类型为DSC的扩展。代码片段如下所示: { "resources": [ { "name": "[concat(variables('VMName'),'/SetupScript')]", "type": "Microsoft.Compute/virtualMachines/extensions", "location": "[parameters('D
DSC
的扩展。代码片段如下所示:
{
"resources": [
{
"name": "[concat(variables('VMName'),'/SetupScript')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "[parameters('DNSLocation')]",
"apiVersion": "2015-05-01-preview",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]"
],
"tags": {
"displayName": "SetupScript"
},
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "1.7",
"settings": {
"modulesUrl": "[variables('SetupScriptConfigurationFile')]",
"sasToken": "",
"configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
"properties": {
"DomainName": "[parameters('DomainName')]",
"DomainAdminUsername": "[parameters('VMAdminUsername')]",
"DomainAdminPassword": "[parameters('VMAdminPassword')]"
}
},
"protectedSettings": {
}
}
}
]
}
正在调用的DSC配置如下所示:
Configuration DNSConfig
{
param
(
[string]$NodeName ='localhost',
[Parameter(Mandatory=$true)][string]$DomainName,
[Parameter(Mandatory=$true)][string]$DomainAdminUsername,
[Parameter(Mandatory=$true)][string]$DomainAdminPassword
)
#Import the required DSC Resources
Import-DscResource -Module xComputerManagement
Import-DscResource -Module xActiveDirectory
$securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force;
$DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword);
Node $NodeName
{ #ConfigurationBlock
WindowsFeature DSCService {
Name = "DSC-Service"
Ensure = "Present"
IncludeAllSubFeature = $true
}
WindowsFeature ADDSInstall
{
Ensure = 'Present'
Name = 'AD-Domain-Services'
IncludeAllSubFeature = $true
}
WindowsFeature RSATTools
{
DependsOn= '[WindowsFeature]ADDSInstall'
Ensure = 'Present'
Name = 'RSAT-AD-Tools'
IncludeAllSubFeature = $true
}
xADDomain SetupDomain {
DomainName= $DomainName
DomainAdministratorCredential= $DomainAdminCred
SafemodeAdministratorPassword= $DomainAdminCred
DependsOn='[WindowsFeature]RSATTools'
}
#End Configuration Block
}
}
在本地运行DSC脚本时,为了成功生成此DSC脚本的MOF文件,我需要为ConfigurationData传入哈希表,如下所示:
$ConfigData = @{
AllNodes = @(
@{
NodeName = '*'
PSDscAllowPlainTextPassword = $true
}
)
}
DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ...
我现在的问题是,我想通过我首先展示的ARM模板传递这种类型的ConfigurationData
。有可能吗?如果没有,那么应该如何设置VM扩展执行的DSC脚本的ConfigurationData?
谢谢 要将配置数据传递给DSC扩展,您需要将其保存到*.psd1文件中,例如:
C:\ PS> Get-Content C:\ConfigurationData.ps1
@{
AllNodes = @(
@{
NodeName = '*'
PSDscAllowPlainTextPassword = $true
}
)
}
然后将此文件上载到可从VM访问的位置,并在模板的受保护设置中传递URI:
"protectedSettings": {
"DataBlobUri": "https://.../ConfigurationData.psd1"
}
两个与您的原始问题无关的建议:
- 在某些ARM部署期间,DSC扩展的1.7版可能会产生间歇性错误。我建议你看看
- 您可能希望加密密码,而不是使用PSDscAllowPlainTextPassword。DSC扩展使用Azure已部署到VM的加密证书,因此设置加密非常简单。更多信息
"settings": {
"configurationData": {
"url": "https://foo.psd1"
}
},
"protectedSettings": {
"configurationDataUrlSasToken": "?dataAcC355T0k3N"
}