ARM模板DSC：配置未“看到” protectedSettings.configurationArguments

Question

我需要保護DSC配置參數（[pscredential] RegistrationKey），因此將其放在“ settings.protectedSettings.configurationData”下，因此：

"protectedSettings": {
                "configurationArguments": {
                  "RegistrationKey": {
                    "UserName": "PLACEHOLDER_DONOTUSE",
                    "Password": "[parameters('dscAutomationRegistrationKey')]"
                  }
                },
                "configurationUrlSasToken": "[parameters('artifactsLocationSasToken')]"
              }

我得到錯誤：

"VM has reported a failure when processing extension 'Microsoft.Powershell.DSC'. Error message: \"The DSC Extension failed to execute: Mandatory 
parameter RegistrationKey is missing.

如果我將RegistrationKey從“ settings.protectedSettings.configurationArguments ”中移到“ settings.configurationArguments ”中，則可以正常工作，因此，我認為語法沒有問題，因此我認為這與PsDscAllowPlainTextPassword = $true有關未包含在DSC配置中。

（我試圖將配置塊包含在PS1文件中，但這引發了錯誤，表明無法完成此操作）

我現在編寫了一個configurationdata .psd1文件，其中包含以下內容：

$ConfigData = @{
   AllNodes = @(
      @{
        NodeName = "*"
        PsDscAllowPlainTextPassword = $true 
       }
   )
}

並在settings.configurationdata.url引用了它。

現在，這將導致與以前相同的錯誤：VM報告了故障...

從PowerShell調用ARM模板：

$oAutomationAccount = Get-AzureRmAutomationAccount -ResourceGroupName $AAresourceGroupName -Name $AutomationAccountName
$RegistrationInfo = $oAutomationAccount | Get-AzureRmAutomationRegistrationInfo

$DscRegKeyString = $RegistrationInfo.PrimaryKey
$ssDscAutomationRegistrationKey = (ConvertTo-SecureString -string $DscRegKeyString -AsPlainText -Force)

#Automation Account EndPoint Uri
$DscRegistrationUrl = $RegistrationInfo.Endpoint
$params = @{
    artifactsLocationSasToken = $TemplateSas
    vmName = "XYZ"
    dscAutomationRegistrationKey = $ssDscAutomationRegistrationKey
    dscAutomationRegistrationUrl = $DscRegistrationUrl
    dscNodeConfigurationName = "CreateAFolder.localhost"
    dscTimeStamp = (Get-Date -f "MM/dd/yyyy H:mm:ss tt") #"MM/dd/yyyy H:mm:ss tt"
    dscResourceUrl = $DscResourceUrl
    dscConfigurationUrl = $DscConfigurationUrl
    dscResourceScript = $DscResourceScriptName
    dscResourceFunction = "ConfigureLCMforAAPull"
    #sequenceId = $sequenceId
}

New-AzureRmResourceGroupDeployment @params `
                                  -Name "$TemplateInstance-$branch" `
                                  -ResourceGroupName $DeploymentResourceGroup.ResourceGroupName `
                                  -Mode Incremental `
                                  -DeploymentDebugLogLevel All `
                                  -TemplateUri $TemplateUri `
                                  -Verbose

我認為參數將以正確的類型傳遞。

我究竟做錯了什么？

參考模板： https : //github.com/Azure/azure-quickstart-templates/blob/master/dsc-extension-azure-automation-pullserver/azuredeploy.json

已更新以使用更新的DSC架構： https : //blogs.msdn.microsoft.com/powershell/2016/02/26/arm-dsc-extension-settings/

Answer 1

這是我一直用於節點入職的模板：

{
    "name": "xxx",
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "location": "[parameters('location')]",
    "apiVersion": "2015-06-15",
    "dependsOn": [
        "xxx"
    ],
    "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "2.22",
        "autoUpgradeMinorVersion": false,
        "protectedSettings": {
            "Items": {
                "registrationKeyPrivate": "[parameters('registrationData')]"
            }
        },
        "settings": {
            "ModulesUrl": "https://github.com/Azure/azure-quickstart-templates/raw/master/dsc-extension-azure-automation-pullserver/UpdateLCMforAAPull.zip",
            "SasToken": "",
            "ConfigurationFunction": "UpdateLCMforAAPull.ps1\\ConfigureLCMforAAPull",
            "Properties": [
                {
                    "Name": "RegistrationKey",
                    "Value": {
                        "UserName": "PLACEHOLDER_DONOTUSE",
                        "Password": "PrivateSettingsRef:registrationKeyPrivate"
                    },
                    "TypeName": "System.Management.Automation.PSCredential"
                },
                {
                    "Name": "RegistrationUrl",
                    "Value": "xxx",
                    "TypeName": "System.String"
                },
                {
                    "Name": "NodeConfigurationName",
                    "Value": "xxx",
                    "TypeName": "System.String"
                },
                {
                    "Name": "ConfigurationMode",
                    "Value": "ApplyAndMonitor",
                    "TypeName": "System.String"
                },
                {
                    "Name": "ConfigurationModeFrequencyMins",
                    "Value": 15,
                    "TypeName": "System.Int32"
                },
                {
                    "Name": "RefreshFrequencyMins",
                    "Value": 30,
                    "TypeName": "System.Int32"
                },
                {
                    "Name": "RebootNodeIfNeeded",
                    "Value": true,
                    "TypeName": "System.Boolean"
                },
                {
                    "Name": "ActionAfterReboot",
                    "Value": "ContinueConfiguration",
                    "TypeName": "System.String"
                },
                {
                    "Name": "AllowModuleOverwrite",
                    "Value": true,
                    "TypeName": "System.Boolean"
                },
                {
                    "Name": "Timestamp",
                    "Value": "MM/dd/yyyy H:mm:ss tt",
                    "TypeName": "System.String"
                }
            ]
        }
    }
}

我知道它使用的是舊格式，但是可以，嗯。

ARM模板DSC：配置未“看到” protectedSettings.configurationArguments

問題描述

1 個解決方案

解決方案1
0 2017-06-13 11:01:17

ARM模板DSC：配置未“看到” protectedSettings.configurationArguments

問題描述

1 個解決方案

解決方案1 0 2017-06-13 11:01:17

解決方案1
0 2017-06-13 11:01:17