堆棧內存溢出
  簡體   English   中英

Azure自定義擴展策略

[英]Azure Custom Extension Policy

 原文  2019-03-19 13:35:55       json/ azure/ azure-policy

問題描述

我正在創建一個自定義策略,通過部署擴展來強制所有具有來自某個資源組的映像的VM加入域。

我遇到了一個問題,它沒有工作,它一直說我沒有權限,即使我將用戶名和密碼硬編碼到變量中。 

 { "if": { "allOf": [ { "field": "type", "in": [ "Microsoft.Compute/virtualMachines", "Microsoft.Compute/VirtualMachineScaleSets" ] }, { "field": "Microsoft.Compute/imageId", "contains": "resourceGroups/Templates" } ] }, "then": { "effect": "deployIfNotExists", "details": { "name": "Microsoft.PowerShell", "type": "Microsoft.Compute/virtualMachines/extensions", "existenceCondition": { "allOf": [ { "field": "Microsoft.Compute/virtualMachines/extensions/type", "equals": "CustomScriptExtension" }, { "field": "Microsoft.Compute/virtualMachines/extensions/publisher", "equals": "Microsoft.PowerShell" } ] }, "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "vmName": { "type": "string" }, "location": { "type": "string" } }, "variables": { "domainJoinUserName": "", "domainJoinUserPassword": "", "domainFQDN": "myDomain.com", "domainJoinOptions": 3 }, "resources": [ { "comments": "Join domain - JsonADDomainExtension", "apiVersion": "2015-06-15", "type": "Microsoft.Compute/virtualMachines/extensions", "name": "[concat(trim(parameters('vmName')[copyIndex()]),'/joindomain')]", "location": "[parameters('location')]", "copy": { "name": "vmDomainJoinCopy", "count": "[length(parameters('vmName'))]" }, "properties": { "publisher": "Microsoft.Compute", "type": "JsonADDomainExtension", "typeHandlerVersion": "1.3", "autoUpgradeMinorVersion": true, "settings": { "Name": "[variables('domainFQDN')]", "User": "[variables('domainJoinUserName')]", "Restart": "true", "Options": "[variables('domainJoinOptions')]" }, "protectedSettings": { "Password": "[variables('domainJoinUserPassword')]" } } } ] } } } } } }

1 個解決方案

解決方案1
 0 已采納  2019-03-20 09:00:54

這是一個非常詳細的Azure策略,用於將VM加入域並且它對我有用。請檢查並查看是否有幫助: 

 { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines" }, { "anyOf": [ { "field": "Microsoft.Compute/imageId", "in": "[parameters('listOfImageIdToInclude')]" }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftWindowsServer" }, { "field": "Microsoft.Compute/imageOffer", "equals": "WindowsServer" }, { "field": "Microsoft.Compute/imageSKU", "in": [ "2008-R2-SP1", "2008-R2-SP1-smalldisk", "2012-Datacenter", "2012-Datacenter-smalldisk", "2012-R2-Datacenter", "2012-R2-Datacenter-smalldisk", "2016-Datacenter", "2016-Datacenter-Server-Core", "2016-Datacenter-Server-Core-smalldisk", "2016-Datacenter-smalldisk", "2016-Datacenter-with-Containers", "2016-Datacenter-with-RDSH" ] } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftWindowsServer" }, { "field": "Microsoft.Compute/imageOffer", "equals": "WindowsServerSemiAnnual" }, { "field": "Microsoft.Compute/imageSKU", "in": [ "Datacenter-Core-1709-smalldisk", "Datacenter-Core-1709-with-Containers-smalldisk", "Datacenter-Core-1803-with-Containers-smalldisk" ] } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftWindowsServerHPCPack" }, { "field": "Microsoft.Compute/imageOffer", "equals": "WindowsServerHPCPack" } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftSQLServer" }, { "anyOf": [ { "field": "Microsoft.Compute/imageOffer", "like": "*-WS2016" }, { "field": "Microsoft.Compute/imageOffer", "like": "*-WS2016-BYOL" }, { "field": "Microsoft.Compute/imageOffer", "like": "*-WS2012R2" }, { "field": "Microsoft.Compute/imageOffer", "like": "*-WS2012R2-BYOL" } ] } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftRServer" }, { "field": "Microsoft.Compute/imageOffer", "equals": "MLServer-WS2016" } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftVisualStudio" }, { "field": "Microsoft.Compute/imageOffer", "in": [ "VisualStudio", "Windows" ] } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftDynamicsAX" }, { "field": "Microsoft.Compute/imageOffer", "equals": "Dynamics" }, { "field": "Microsoft.Compute/imageSKU", "equals": "Pre-Req-AX7-Onebox-U8" } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "microsoft-ads" }, { "field": "Microsoft.Compute/imageOffer", "equals": "windows-data-science-vm" } ] }, { "allOf": [ { "field": "Microsoft.Compute/imagePublisher", "equals": "MicrosoftWindowsDesktop" }, { "field": "Microsoft.Compute/imageOffer", "equals": "Windows-10" } ] } ] } ] }, "then": { "effect": "deployIfNotExists", "details": { "type": "Microsoft.Compute/virtualMachines/extensions", "roleDefinitionIds": [ "/providers/microsoft.authorization/roleDefinitions/" ], "existenceCondition": { "allOf": [ { "field": "Microsoft.Compute/virtualMachines/extensions/type", "equals": "JsonADDomainExtension" }, { "field": "Microsoft.Compute/virtualMachines/extensions/publisher", "equals": "Microsoft.Compute" }, { "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState", "equals": "Succeeded" } ] }, "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "ouPath": { "type": "string" }, "domainFQDN": { "type": "string" }, "vmName": { "type": "string" }, "location": { "type": "string" } }, "variables": { "domainJoinOptions": 131075 }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", "comments": "Join domain - JsonADDomainExtension", "name": "[concat(parameters('vmName'), '/JsonADDomainExtension')]", "apiVersion": "2018-06-01", "location": "[parameters('location')]", "properties": { "publisher": "Microsoft.Compute", "type": "JsonADDomainExtension", "typeHandlerVersion": "1.3", "autoUpgradeMinorVersion": true, "settings": { "Name": "[parameters('domainFQDN')]", "User": "username", "Restart": "true", "Options": "[variables('domainJoinOptions')]", "OUPath": "[parameters('ouPath')]" }, "protectedSettings": { "Password": "Password" } } } ], "outputs": { "policy": { "type": "string", "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]" } } }, "parameters": { "vmName": { "value": "[field('name')]" }, "location": { "value": "[field('location')]" }, "ouPath": { "value": "[parameters('ouPath')]" }, "domainFQDN": { "value": "[parameters('domainFQDN')]" } } } } } } }

確保您傳遞了正確的用戶名和密碼。

另外,您可以參考本文以獲取相同的請求。

https://blogs.msdn.microsoft.com/igorpag/2016/01/25/azure-arm-vm-domain-join-to-active-directory-domain-with-joindomain-extension/

希望能幫助到你。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Azure自定義腳本擴展永遠無法完成部署 如何將多個參數傳遞到 Azure RM 模板自定義腳本擴展 打開防火牆的 Azure 策略 使用 Terraform 創建 Azure 策略 對標簽強制執行的自定義策略 如何在Azure策略中准備JSON Azure 策略部署使用 Powershell 設置Azure位置策略限制 Azure 策略不拒絕創建路由 嘗試通過JSON模板自定義擴展將powershell命令注入到Azure RM VM中
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM