时间戳

首页 > 解决方案 > 使用 DSC 部署 Azure VM - 将参数传递给配置

azure - 使用 DSC 部署 Azure VM - 将参数传递给配置

问题描述

我正在通过自定义此处找到的 Azure 部署模板来开发我的第一个 AzureRM/DSC 模板项目:https ://github.com/Azure/azure-quickstart-templates/tree/master/201-vmss-automation-dsc

作为其中的一部分,我进行了修改WindowsIISServerConfig.ps1以添加一些 Windows 功能以及下载和安装证书的能力。问题是我不知道如何将证书的凭据传递到此配置中。

这是我的代码...如何传入$certPass参数?:

configuration WindowsIISServerConfig
{

    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        $certPass
    )

    Import-DscResource -ModuleName 'xWebAdministration'
    Import-DscResource -ModuleName 'xPSDesiredStateConfiguration'
    Import-DscResource -ModuleName 'CertificateDsc'
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'    

    WindowsFeature WebServer
    {
        Ensure  = 'Present'
        Name    = 'Web-Server'
    }

    WindowsFeature WebManagement
    {
        Ensure  = 'Present'
        Name    = 'Web-Mgmt-Console'
        DependsOn = '[WindowsFeature]WebServer'
    }

    WindowsFeature WebASPNet47
    {
        Ensure  = 'Present'
        Name    = 'Web-Asp-Net45'
        DependsOn = '[WindowsFeature]WebServer'
    }

    WindowsFeature WebNetExt
    {
        Ensure  = 'Present'
        Name    = 'Web-Net-Ext45'
        DependsOn = '[WindowsFeature]WebServer'
    }

    # IIS Site Default Settings
    xWebSiteDefaults SiteDefaults
    {
        ApplyTo                 = 'Machine'
        LogFormat               = 'IIS'
        LogDirectory            = 'C:\inetpub\logs\LogFiles'
        TraceLogDirectory       = 'C:\inetpub\logs\FailedReqLogFiles'
        DefaultApplicationPool  = 'DefaultAppPool'
        AllowSubDirConfig       = 'true'
        DependsOn               = '[WindowsFeature]WebServer'
    }

    # IIS App Pool Default Settings
    xWebAppPoolDefaults PoolDefaults
    {
       ApplyTo               = 'Machine'
       ManagedRuntimeVersion = 'v4.0'
       IdentityType          = 'ApplicationPoolIdentity'
       DependsOn             = '[WindowsFeature]WebServer'
    }

    # Get SSL cert file from Azure Storage using SAS URI
    xRemoteFile CertPfx
    {
        Uri = "https://example.blob.core.windows.net/resources/cert.pfx?sp=r&st=2019-06-02T22:00:11Z&se=2019-07-03T06:00:11Z&spr=https&sv=2018-03-28&sig=xxxxxx&sr=b"
        DestinationPath = "C:\temp\cert.pfx"
    }

    # Import the PFX file which was downloaded to local path
    PfxImport ImportCertPFX
    {
        Ensure     = "Present"
        DependsOn  = "[xRemoteFile]CertPfx"
        Thumbprint = "c124bf740b256316bd756g689140d6ff3dcdd65f"
        Path       = "c:\temp\cert.pfx"
        Location   = "LocalMachine"
        Store      = "WebHosting"
        Credential = $certPass
    }

}

标签: azurepowershellautomationdsc

解决方案

如果您使用模板,则可以按照示例进行操作。简而言之,您需要创建一个凭证变量:

    {
      "name": "[concat(parameters('accountName'), '/', parameters('variableName')) ]",
      "type": "microsoft.automation/automationAccounts/Variables",
      "apiVersion": "2015-01-01-preview",
      "tags": { },
      "dependsOn": [ xxx ],
      "properties": {
        "isEncrypted": 0,
        "type": "[parameters('variableType')]",
        "value": "[parameters('variableValue')]"
      }
    },

并在编译时引用它,如果您在代码中执行此操作,它将自动获取变量值:

$domainCreds = Get-AutomationPSCredential -Name 'domainCreds'

我认为,或者,您可以将它们传递给 properties.parameters 字段(描述),等等,您在谈论凭据,我不确定是否支持。

推荐阅读