Azure 自定義擴展 Blob 返回 403 禁止

Question

我嘗試運行自定義腳本以靜默方式將軟件安裝到我的 Windows Scaleset 這是我的配置 Arm 模板添加到 virtualMachineProfile 就像子資源到 ExtensionProfile 這里是代碼

 {   
       "name": "InstallSomeCoolStuffs",
        "properties":{
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.10",
        "autoUpgradeMinorVersion": true,
        "settings": {},
        "protectedSettings": {
        "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File myscript.ps1",
        "managedIdentity": {},
        "fileUris": ["https://someblob.blob.core.windows.net/src/myscript.ps1"
          ]
       }
   }
},

問題是當我嘗試使用啟用的托管標識部署 ARM 模板並將貢獻者角色添加到存儲帳戶時失敗並顯示消息：

        "message": "VM has reported a failure when processing extension 'MyScript'. Error message: \"Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (403) Forbidden.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "

1. 試圖將 fileUris 移動到設置部分同樣的錯誤。
2. 不同的typeHandlerVersion 1.19,1.10,1.17。
3. 嘗試添加 {objectID:} ScaleSet 身份 ID 它僅在刪除托管身份並添加StoraceAccountName: StorageAccountKey:我缺少什么時才有效？

謝謝！

Answer 1

如果有人遇到同樣的問題，我找到了解決方案。

1. Make sure in the settings section is added fileUris and timestamp, timestamp is something like versioning on your script, every time you pass a larger integer will create a new version and trigger the script and you can check the output to Windows VM C:\Packages \Plugins\Microsoft.Compute.CustomScriptExtension\1.10.2\Status
2. 確保將存儲 Blob 數據讀取器角色分配添加到規模集標識