通过 Azure CLI 创建 Azure Batch Pool 时如何指定托管服务标识?
[英]How do I specify a managed service identity when creating an Azure Batch Pool via the Azure CLI?
问题描述
I'm trying to create a batch pool via the az CLI as follows: az batch pool create --json-file foo.json .
我正在尝试通过az CLI 创建一个批处理池,如下所示: az batch pool create --json-file foo.json 。
The contents of foo.json are foo.json的内容是
{
"id": "testpool2",
"vmSize": "standard_d2s_v3",
"virtualMachineConfiguration": {
"imageReference": {
"publisher": "microsoftwindowsserver",
"offer": "windowsserver",
"sku": "2019-datacenter-core-with-containers-smalldisk",
"version": "latest"
},
"nodeAgentSKUId": "batch.node.windows amd64",
"windowsConfiguration": {
"enableAutomaticUpdates": false
},
"containerConfiguration": {
"type": "dockerCompatible",
"containerImageNames": [
"mcr.microsoft.com/windows/servercore:10.0.17763.2928-amd64"
]
},
"nodePlacementConfiguration": {
"policy": "Zonal"
}
},
"resizeTimeout": "PT15M",
"targetDedicatedNodes": 1,
"targetLowPriorityNodes": 0,
"enableAutoScale": false,
"enableInterNodeCommunication": false,
"networkConfiguration": {
"subnetId": "/subscriptions/path/to/my/subnet",
"dynamicVNetAssignmentScope": "none",
"publicIPAddressConfiguration": {
"provision": "BatchManaged"
}
},
"taskSlotsPerNode": 1,
"taskSchedulingPolicy": {
"nodeFillType": "Pack"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/path/to/my/user/assigned/identity": {}
}
}
}
This successfully creates the pool, but with a null identity property.这成功创建了池,但具有空identity属性。 Not surprisingly, any authentication relying on that user-assigned identity being in place fails.毫不奇怪,任何依赖于该用户分配身份的身份验证都会失败。
Per the documentation , the --json-file property accepts a JSON file that conforms to the REST API body.根据文档, --json-file属性接受符合 REST API 主体的 JSON 文件。 However, the REST API body does not contain a suitable identity block.但是,REST API 主体不包含合适的标识块。
I looked at the JSON that's POSTed to the REST API when creating the pool through the portal, and it looks very similar to what I have, except it's structured like this:在通过门户创建池时,我查看了发布到 REST API 的 JSON,它看起来与我所拥有的非常相似,除了它的结构如下:
"properties": {
"id": "id value",
...etc...
},
"identity": {
"type": "UserAssigned",
...etc...
}
Making my JSON match up with that request body results in a JSON parsing error.使我的 JSON 与该请求正文匹配会导致 JSON 解析错误。 The JSON I'm providing is syntactically correct, it just seems like it's expecting the contents of the properties section only.我提供的 JSON 在语法上是正确的,它似乎只需要properties部分的内容。
There's this existing question which has a terrible link-only answer to Microsoft Q&A , where the recommendation is to add an identity block that looks exactly like the one I'm providing.存在这个现有问题,它对Microsoft Q&A有一个糟糕的仅链接答案,建议添加一个与我提供的完全一样的identity块。 Please note that as far as I can tell this question is not a duplicate of that one -- they are receiving a different error, and they didn't explicitly state that they are using the Azure CLI, just that they're trying to use "JSON".请注意,据我所知,这个问题不是那个问题的重复——他们收到了一个不同的错误,他们没有明确声明他们正在使用 Azure CLI,只是说他们正在尝试使用“JSON”。
There doesn't seem to be any definitive documentation or examples of how to use the --json-file parameter with the Azure CLI to create a batch pool that uses a user-assigned identity.似乎没有任何明确的文档或示例说明如何将--json-file参数与 Azure CLI 一起使用来创建使用用户分配的标识的批处理池。 If it is possible, some guidance on how to accomplish it would be most welcome.如果可能的话,欢迎提供有关如何实现它的指导。
1 个解决方案
解决方案1
0 2022-12-23 09:25:06
After searching in vain for an answer to the same question, I posted a slight variation of the question on the MS support page and they came up with a working solution for our case, which seems to be near-identical to what has been asked here.在徒劳地寻找同一问题的答案后,我在 MS 支持页面上发布了该问题的细微变化,他们为我们的案例提出了一个可行的解决方案,这似乎与此处提出的问题几乎相同.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.