
Azure ARM Templates and REST API

I'm trying to learn Azure Resource Templates and am trying to understand the workflow behind when to use them and when to use the REST API.

My sense is that creating a Virtual Network and Subnets in Azure is a fairly uncommon occurrence; once you get that set up as you want you don't modify it too frequently, you deploy things into that structure.

So with regard to an ARM Template let's say I have a template with resources for VNET and Subnet. To take the example from https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-template-walkthrough#virtual-network-and-subnet I might have:

{
  "apiVersion": "2015-06-15",
  "type": "Microsoft.Network/virtualNetworks",
  "name": "[parameters('vnetName')]",
  "location": "[resourceGroup().location]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/16"
      ]
    },
    "subnets": [
      {
        "name": "[variables('subnetName')]",
        "properties": {
          "addressPrefix": "10.0.0.0/24"
        }
      }
    ]
  }
}

which I deploy to a Resource Group. Let's say I then add a Load Balancer and redeploy the template. In this case the user then gets asked to supply the value for the vnetName parameter again and of course cannot supply the same value so we would end up with another VNET which is not what we want.

So is the workflow that you define your ARM Template (VNET, LBs, Subnets, NICs etc) in one go and then deploy? Then when you want to deploy VMs, Scale Sets etc you use the REST API to deploy them to the Resource Group / VNET Subnet? Or is there a way to incrementally build up an ARM Template and deploy it numerous times in a way that if a VNET already exists (for example) the user is not prompted to supply details for another one?

I've read around and seen incremental mode (default unless complete is specified) but I'm not sure if this is relevant and, if it is, how to use it.

Many thanks for any help!

Update

OK so I can now use azure group deployment create -f azuredeploy.json -g ARM-Template-Tests -m Incremental and have modified the VNET resource in my template from

{
  "apiVersion": "2016-09-01",
  "type": "Microsoft.Network/virtualNetworks",
  "name": "[variables('virtualNetworkName')]",
  "location": "[resourceGroup().location]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "[variables('addressPrefix')]"
      ]
    },
    "subnets": [
      {
        "name": "[variables('subnetName')]",
        "properties": {
          "addressPrefix": "[variables('subnetPrefix')]"
        }
      }
    ]
  }
},

to

{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Network/virtualNetworks",
  "name": "[parameters('virtualNetworkName')]",
  "location": "[resourceGroup().location]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "[parameters('addressPrefix')]"
      ]
    },
    "subnets": [
      {
        "name": "[parameters('subnet1Name')]",
        "properties": {
          "addressPrefix": "[parameters('subnet1Prefix')]"
        }
      },
      {
        "name": "[parameters('gatewaySubnet')]",
        "properties": {
          "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
        }
      }
    ]
  }
},

but the subnets don't change. Should they, using azure group deployment create -f azuredeploy.json -g ARM-Template-Tests -m Incremental?

I am going to piggyback on this Azure documentation. Referencing the appropriate section below:

Incremental and complete deployments

When deploying your resources, you specify that the deployment is either an incremental update or a complete update. By default, Resource Manager handles deployments as incremental updates to the resource group.

With incremental deployment, Resource Manager:

  1. leaves unchanged resources that exist in the resource group but are not specified in the template
  2. adds resources that are specified in the template but do not exist in the resource group
  3. does not reprovision resources that exist in the resource group in the same condition defined in the template
  4. reprovisions existing resources that have updated settings in the template

With complete deployment, Resource Manager:

  1. deletes resources that exist in the resource group but are not specified in the template
  2. adds resources that are specified in the template but do not exist in the resource group
  3. does not reprovision resources that exist in the resource group in the same condition defined in the template
  4. reprovisions existing resources that have updated settings in the template

Whether to choose Incremental update or Complete update depends on whether you have resources that are in use. If the devops requirement is to always have resources in sync with what is defined in the json template then Complete Update mode should be used. The biggest benefit of using templates and source code for deploying resources is to prevent configuration drift and it is beneficial to use Complete Update mode.

As for specifying the parameters, if you specify them in a parameters file then you don't have to specify them again.
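The four rules quoted in the answer above, worked through as an added example (not code from the original answers or from Azure): a simplified model that sorts resources into the outcome each mode produces, so the resources a Complete deployment would delete are visible before it runs. The resource names and settings are constructed sample data.

```python
import json

# Constructed sample: what is already in the resource group, keyed by
# (type, name) with a simplified settings dict. Not real Azure output.
EXISTING = {
    ("Microsoft.Network/virtualNetworks", "vnet1"): {"addressPrefix": "10.0.0.0/16"},
    ("Microsoft.Network/loadBalancers", "lb1"): {"sku": "Basic"},
    ("Microsoft.Storage/storageAccounts", "logs01"): {"sku": "Standard_LRS"},
}

# Constructed sample template: unchanged VNET, modified load balancer, a new
# public IP, and no entry for the storage account.
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet1",
   "properties": {"addressPrefix": "10.0.0.0/16"}},
  {"type": "Microsoft.Network/loadBalancers", "name": "lb1",
   "properties": {"sku": "Standard"}},
  {"type": "Microsoft.Network/publicIPAddresses", "name": "pip1",
   "properties": {"allocation": "Static"}}
]}
""")


def plan(existing, template, mode):
    """Sort resources into the outcomes the four quoted rules describe."""
    if mode not in ("Incremental", "Complete"):
        raise ValueError("mode must be Incremental or Complete")
    desired = {(r["type"], r["name"]): r.get("properties", {})
               for r in template["resources"]}
    result = {"add": [], "reprovision": [], "unchanged": [],
              "left_alone": [], "delete": []}
    for key, props in desired.items():
        if key not in existing:
            result["add"].append(key)          # rule 2: in template only
        elif existing[key] == props:
            result["unchanged"].append(key)    # rule 3: same condition
        else:
            result["reprovision"].append(key)  # rule 4: updated settings
    # Rule 1 is the only rule that differs between the two modes.
    missing = [k for k in existing if k not in desired]
    result["delete" if mode == "Complete" else "left_alone"] = missing
    return result


if __name__ == "__main__":
    for mode in ("Incremental", "Complete"):
        print(mode, plan(EXISTING, TEMPLATE, mode))
```

With this sample, the storage account is left alone in Incremental mode and lands in the delete list in Complete mode; the other three outcomes are identical in both modes.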

A new template can be deployed in incremental mode which would add new resources to the existing resource group. Define only the new resources in the template; existing resources would not be altered.

From PowerShell use the following cmdlet:

New-AzureRmResourceGroupDeployment -ResourceGroupName "YourResourceGroupName" -TemplateFile "path\\to\\template.json" -Mode Incremental -Force

My rule of thumb is for things that I want to tear down, or for things I want to replicate across Subscriptions, I use ARM templates.

For example we want things in test environments, I just ARM it up, build on the scripts as developers request things ("Hey I need a cache", "Oh by the way I need to start using a Service Bus"), using incremental mode we can just push it out to Dev, then as we migrate up to different environments you just deploy to a different Subscription in Azure, and it should have everything ready to go.

Also, we've started provisioning our own Cloud Load Test agents in a VMSS, a simple ARM template that's called by a build to scale up to x number of machines, then when done, we just trash the Resource Group. It's repeatable and reliable, sure you can script it up, but as TFS has a task to deploy these things (also with schedules)...

One of the beautiful things I've come across is Key Vault, when you ARM it up and poke all the values from your service busses, storage accounts/whatevers, you can simply get the connection strings/keys/whatevers and put them straight into the Key Vault, so you never need to worry about it, and if you want to regenerate anything (say a dev wants to change the name of a cache or whatever, or accidentally posted the key to GitHub), just redeploy (often I'll just trash the whole Resource Group) and it updates the vault for you.
