4

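DSC configuration data parameter in Azure ARM template deployment

I am deploying a resource group using the Azure REST API and supplying an ARM template. In the virtual machine resource, I have an extension of type DSC. The code snippet is as follows: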

{ 
    "resources": [ 
    { 
     "name": "[concat(variables('VMName'),'/SetupScript')]", 
     "type": "Microsoft.Compute/virtualMachines/extensions", 
     "location": "[parameters('DNSLocation')]", 
     "apiVersion": "2015-05-01-preview", 
     "dependsOn": [ 
     "[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]" 
     ], 
     "tags": { 
     "displayName": "SetupScript" 
     }, 
     "properties": { 
     "publisher": "Microsoft.Powershell", 
     "type": "DSC", 
     "typeHandlerVersion": "1.7", 
     "settings": { 
      "modulesUrl": "[variables('SetupScriptConfigurationFile')]", 
      "sasToken": "", 
      "configurationFunction": "[variables('SetupScriptConfigurationFunction')]", 
      "properties": { 
      "DomainName": "[parameters('DomainName')]", 
      "DomainAdminUsername": "[parameters('VMAdminUsername')]", 
      "DomainAdminPassword": "[parameters('VMAdminPassword')]" 
      } 
     }, 
     "protectedSettings": { 

     } 
     } 
    } 
    ] 
} 

The DSC configuration being called is shown below:

Configuration DNSConfig 
{ 
    param 
    ( 
     [string]$NodeName ='localhost', 
     [Parameter(Mandatory=$true)][string]$DomainName, 
     [Parameter(Mandatory=$true)][string]$DomainAdminUsername, 
     [Parameter(Mandatory=$true)][string]$DomainAdminPassword 
    ) 

    #Import the required DSC Resources 
    Import-DscResource -Module xComputerManagement 
    Import-DscResource -Module xActiveDirectory 

    $securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force; 
    $DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword); 

    Node $NodeName 
    { #ConfigurationBlock 

     WindowsFeature DSCService { 
      Name = "DSC-Service" 
      Ensure = "Present" 
      IncludeAllSubFeature = $true 
     } 

     WindowsFeature ADDSInstall 
     { 
      Ensure = 'Present' 
      Name = 'AD-Domain-Services' 
      IncludeAllSubFeature = $true 
     } 

     WindowsFeature RSATTools 
     { 
      DependsOn= '[WindowsFeature]ADDSInstall' 
      Ensure = 'Present' 
      Name = 'RSAT-AD-Tools' 
      IncludeAllSubFeature = $true 
     } 

     xADDomain SetupDomain { 
      DomainName= $DomainName 
      DomainAdministratorCredential= $DomainAdminCred 
      SafemodeAdministratorPassword= $DomainAdminCred 
      DependsOn='[WindowsFeature]RSATTools' 
     } 
    #End Configuration Block  
    } 
} 

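When I run the DSC script locally, in order to successfully generate the MOF file for this DSC script, I need to pass in a hashtable as ConfigurationData, like this: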

$ConfigData = @{ 
    AllNodes = @(
     @{ 
      NodeName     = '*' 
      PSDscAllowPlainTextPassword = $true 
     } 
    ) 
} 

DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ... 

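My question now is that I want to pass this kind of ConfigurationData through the ARM template I showed first. Is it even possible? If not, how should I set the ConfigurationData for the DSC script executed by the VM extension?

Thanks!

Answers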

3

To pass your configuration data to the DSC extension, you need to save it to a *.psd1 file, for example:

C:\PS> Get-Content C:\ConfigurationData.ps1 
    @{ 
     AllNodes = @(
      @{ 
       NodeName     = '*' 
       PSDscAllowPlainTextPassword = $true 
      } 
     ) 
    } 

Then upload this file to a location your virtual machine can access, and pass the URI in the template's protected settings:

"protectedSettings": { 
     "DataBlobUri": "https://.../ConfigurationData.psd1" 
    } 

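Two suggestions unrelated to the original question:

  • During some ARM deployments, DSC extension version 1.7 may produce intermittent errors. I suggest considering taking a look at Version 2.0

  • You may want to encrypt the password instead of using PSDscAllowPlainTextPassword. The DSC Extension uses an encryption certificate that Azure has already deployed to the VM, so setting up encryption is very simple. More information here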

+0

Thank you very much! :D –
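The password-encryption suggestion in the answer above, as an added example (not the answerer's code and not from the original page): the configuration takes a single PSCredential, and the template supplies its password from protectedSettings through a PrivateSettingsRef reference, so the password no longer sits in the plain settings block. The names DomainAdminCred and DomainAdminPassword are assumptions, and the template fragment assumes a DSC extension version that supports PrivateSettingsRef with the question's settings layout.

```powershell
# Added example. The parameter name DomainAdminCred is an assumption;
# the rest follows the configuration shown in the question.
Configuration DNSConfig
{
    param
    (
        [string]$NodeName = 'localhost',
        [Parameter(Mandatory = $true)][string]$DomainName,
        # One PSCredential replaces the plain-string username and password parameters.
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$DomainAdminCred
    )

    Import-DscResource -ModuleName xActiveDirectory

    Node $NodeName
    {
        WindowsFeature ADDSInstall
        {
            Ensure = 'Present'
            Name   = 'AD-Domain-Services'
        }

        xADDomain SetupDomain
        {
            DomainName                    = $DomainName
            DomainAdministratorCredential = $DomainAdminCred
            SafemodeAdministratorPassword = $DomainAdminCred
            DependsOn                     = '[WindowsFeature]ADDSInstall'
        }
    }
}

<# Matching fragment of the extension resource in the ARM template
   (the item key DomainAdminPassword is an assumed name):
"settings": {
    "modulesUrl": "[variables('SetupScriptConfigurationFile')]",
    "configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
    "properties": {
        "DomainName": "[parameters('DomainName')]",
        "DomainAdminCred": {
            "UserName": "[parameters('VMAdminUsername')]",
            "Password": "PrivateSettingsRef:DomainAdminPassword"
        }
    }
},
"protectedSettings": {
    "Items": { "DomainAdminPassword": "[parameters('VMAdminPassword')]" }
}
#>
```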

0

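This changed with the new version, see documentation.

In short, the psd1 must be at the same level as the other configuration elements, with the SAS token under the protected settings section.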

"settings": { 
    "configurationData": { 
    "url": "https://foo.psd1" 
    } 
}, 
"protectedSettings": { 
    "configurationDataUrlSasToken": "?dataAcC355T0k3N" 
}