Azure RM模板。從密鑰庫部署具有唯一密鑰的副本虛擬機

Question

我希望能夠通過每個虛擬機具有不同密碼的參數（通過複製實現）來指定VM的數量（例如，secret1用於VM1，secret2用於VM2等） 。）下面是複製VM模板的一個基本的例子：

{ 
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 
    "contentVersion": "1.0.0.0", 
    "parameters": { 
    "numberOfVMs": { 
     "type": "int", 
     "defaultValue": 1, 
     "minvalue": 1 
    }, 
    "vmAdminUserName": { 
     "type": "string", 
     "minLength": 1 
    }, 
     "vmAdminPassword": { 
      "type": "securestring" 
     } 
    }, 
    "variables": { 
    "storageAccountName": "[concat('stor567', uniqueString(resourceGroup().id))]", 
    "storageAccountType": "Standard_LRS", 
    "vmWindowsOSVersion": "2016-Datacenter", 
    "vnetPrefix": "10.0.0.0/16", 
    "vnetSubnet1Name": "Subnet-1", 
    "vnetSubnet1Prefix": "10.0.0.0/24", 
    "nicVnetID": "[resourceId('Microsoft.Network/virtualNetworks', 'vnet')]", 
    "nicSubnetRef": "[concat(variables('nicVnetID'), '/subnets/', variables('vnetSubnet1Name'))]", 
    "vmImagePublisher": "MicrosoftWindowsServer", 
    "vmImageOffer": "WindowsServer", 
    "vmVmSize": "Standard_DS1_v2", 
    "vmVnetID": "[resourceId('Microsoft.Network/virtualNetworks', 'vnet')]", 
    "vmSubnetRef": "[concat(variables('vmVnetID'), '/subnets/', variables('vnetSubnet1Name'))]", 
    "vmStorageAccountContainerName": "vhds" 
    }, 
    "resources": [ 
     { 
      "name": "[variables('storageAccountName')]", 
      "type": "Microsoft.Storage/storageAccounts", 
      "location": "[resourceGroup().location]", 
      "apiVersion": "2015-06-15", 
      "dependsOn": [ ], 
     "properties": { 
      "accountType": "[variables('storageAccountType')]" 
     } 
     }, 
     { 
      "name": "vnet", 
      "type": "Microsoft.Network/virtualNetworks", 
      "location": "[resourceGroup().location]", 
      "apiVersion": "2016-03-30", 
      "dependsOn": [ ], 
      "tags": { 
       "displayName": "vnet" 
      }, 
      "properties": { 
       "addressSpace": { 
        "addressPrefixes": [ 
         "[variables('vnetPrefix')]" 
        ] 
       }, 
       "subnets": [ 
        { 
         "name": "[variables('vnetSubnet1Name')]", 
         "properties": { 
          "addressPrefix": "[variables('vnetSubnet1Prefix')]" 
         } 
        } 
       ] 
      } 
     }, 
    { 
     "name": "[concat('NIC',copyindex())]", 
     "type": "Microsoft.Network/networkInterfaces", 
     "location": "[resourceGroup().location]", 
     "copy": { 
     "name": "nicLoop", 
     "count": "[parameters('numberOfVMs')]" 
     }, 
     "apiVersion": "2016-03-30", 
     "dependsOn": [ 
     "[resourceId('Microsoft.Network/virtualNetworks', 'vnet')]" 
     ], 
     "tags": { 
     "displayName": "nic" 
     }, 
     "properties": { 
     "ipConfigurations": [ 
      { 
      "name": "ipconfig1", 
      "properties": { 
       "privateIPAllocationMethod": "Dynamic", 
       "subnet": { 
       "id": "[variables('nicSubnetRef')]" 
       } 
      } 
      } 
     ] 
     } 
    }, 
    { 
     "name": "[concat('VM',copyindex())]", 
     "type": "Microsoft.Compute/virtualMachines", 
     "location": "[resourceGroup().location]", 
     "copy": { 
     "name": "virtualMachineLoop", 
     "count": "[parameters('numberOfVMs')]" 
     }, 
     "apiVersion": "2015-06-15", 
     "dependsOn": [ 
     "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", 
     "nicLoop" 
     ], 
     "tags": { 
     "displayName": "vm" 
     }, 
     "properties": { 
     "hardwareProfile": { 
      "vmSize": "[variables('vmVmSize')]" 
     }, 
     "osProfile": { 
      "computerName": "[concat('VM',copyindex())]", 
      "adminUsername": "[parameters('vmAdminUsername')]", 
      "adminPassword": "[parameters('vmAdminPassword')]" 
     }, 
     "storageProfile": { 
      "imageReference": { 
      "publisher": "[variables('vmImagePublisher')]", 
      "offer": "[variables('vmImageOffer')]", 
      "sku": "[variables('vmWindowsOSVersion')]", 
      "version": "latest" 
      }, 
      "osDisk": { 
      "name": "vmOSDisk", 
      "vhd": { 
       "uri": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob, variables('vmStorageAccountContainerName'), '/', 'VM',copyIndex(),'-','OSdisk.vhd')]" 
      }, 
      "caching": "ReadWrite", 
      "createOption": "FromImage" 
      } 
     }, 
     "networkProfile": { 
      "networkInterfaces": [ 
      { 
       "id": "[resourceId('Microsoft.Network/networkInterfaces', concat('NIC',copyindex()))]" 
      } 
      ] 
     } 
     } 
    }], 
    "outputs": {} 
} 

不過，我掙扎着從重點庫在模板中唯一的祕密使用密碼進行整合。如果我使用官方文檔中的示例Reference a secret with static id將爲每個虛擬機創建具有secret1的虛擬機。我不能換Reference a secret with dynamic id到嵌套模板，因爲這會爲虛擬機的每一個數字，我想再次部署和重新部署我的複製虛擬機。請幫我理解，這個挑戰如何解決？

Answer 1

鏈接：Parent和Nested。 我不確定這是你的意思（因爲我仍然認爲我很難理解你的問題）。

這些模板允許部署可變數量的虛擬機，並使用不同的keyvault密鑰作爲密碼。例如：

2的Windows虛擬機的一個祕密和3 Ubuntu的虛擬機與其他
1的Windows虛擬機有一個祕密和4 Ubuntu的虛擬機與其他

您可以輕鬆地擴展，爲其他圖像，像CentOS的。
正如您在查看模板後可能會看到的，我正在使用arrays和copyindex()來提供它們所屬的適當值。

告訴我，如果那不是你以後的樣子。要小心使用這些時，GitHub的原始鏈接使用某種形式的緩存，從GitHub這樣部署可能會爲你的錯誤不能正常工作，在這種情況下，只要使用我提供的鏈接（不RAW）複製到本地計算機，並上傳到一些像pastebin這樣的服務，並從那裏部署。