Powershell Azure ARM模板部署中的DSC ConfigurationData参数

我正在使用Azure REST API部署一个资源组，并提供ARM模板。在虚拟机资源中，我有一个类型为

DSC

的扩展。代码片段如下所示：

{
  "resources": [
    {
      "name": "[concat(variables('VMName'),'/SetupScript')]",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "location": "[parameters('DNSLocation')]",
      "apiVersion": "2015-05-01-preview",
      "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]"
      ],
      "tags": {
        "displayName": "SetupScript"
      },
      "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "1.7",
        "settings": {
          "modulesUrl": "[variables('SetupScriptConfigurationFile')]",
          "sasToken": "",
          "configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
          "properties": {
            "DomainName": "[parameters('DomainName')]",
            "DomainAdminUsername": "[parameters('VMAdminUsername')]",
            "DomainAdminPassword": "[parameters('VMAdminPassword')]"
          }
        },
        "protectedSettings": {

        }
      }
    }
  ]
}

正在调用的DSC配置如下所示：

Configuration DNSConfig
{ 
    param
    ( 
        [string]$NodeName ='localhost',  
        [Parameter(Mandatory=$true)][string]$DomainName,
        [Parameter(Mandatory=$true)][string]$DomainAdminUsername,
        [Parameter(Mandatory=$true)][string]$DomainAdminPassword
    ) 

    #Import the required DSC Resources  
    Import-DscResource -Module xComputerManagement 
    Import-DscResource -Module xActiveDirectory

    $securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force;
    $DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword);

    Node $NodeName
    { #ConfigurationBlock

        WindowsFeature DSCService {
            Name = "DSC-Service"
            Ensure = "Present"
            IncludeAllSubFeature = $true
        }

        WindowsFeature ADDSInstall 
        {   
            Ensure = 'Present'
            Name = 'AD-Domain-Services'
            IncludeAllSubFeature = $true
        }

        WindowsFeature RSATTools 
        { 
            DependsOn= '[WindowsFeature]ADDSInstall'
            Ensure = 'Present'
            Name = 'RSAT-AD-Tools'
            IncludeAllSubFeature = $true
        }  

        xADDomain SetupDomain {
            DomainName= $DomainName
            DomainAdministratorCredential= $DomainAdminCred
            SafemodeAdministratorPassword= $DomainAdminCred
            DependsOn='[WindowsFeature]RSATTools'
        }
    #End Configuration Block    
    } 
}

在本地运行DSC脚本时，为了成功生成此DSC脚本的MOF文件，我需要为ConfigurationData传入哈希表，如下所示：

$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = '*'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ...

我现在的问题是，我想通过我首先展示的ARM模板传递这种类型的

ConfigurationData

。有可能吗？如果没有，那么应该如何设置VM扩展执行的DSC脚本的ConfigurationData？

---

谢谢

要将配置数据传递给DSC扩展，您需要将其保存到*.psd1文件中，例如：

    C:\ PS> Get-Content C:\ConfigurationData.ps1
     @{
        AllNodes = @(
            @{
                NodeName                    = '*'
                PSDscAllowPlainTextPassword = $true
            }
        )
    }

然后将此文件上载到可从VM访问的位置，并在模板的受保护设置中传递URI：

    "protectedSettings": {
        "DataBlobUri": "https://.../ConfigurationData.psd1"
    }

两个与您的原始问题无关的建议：

• 在某些ARM部署期间，DSC扩展的1.7版可能会产生间歇性错误。我建议你看看

• 您可能希望加密密码，而不是使用PSDscAllowPlainTextPassword。DSC扩展使用Azure已部署到VM的加密证书，因此设置加密非常简单。更多信息

---

这一点在较新版本中有所改变

简而言之，现在psd1必须与其他配置元素和SAS令牌位于受保护设置部分下的同一级别

"settings": {
  "configurationData": {
    "url": "https://foo.psd1"
  } 
},
"protectedSettings": {
  "configurationDataUrlSasToken": "?dataAcC355T0k3N"
}