创建DevTest Labs VM时Azure管道密钥库问题

编程问答 2022-06-08

问题描述

我想通过管道流程创建Azure DevTest实验室VM。但是,当我开始部署时,它在“创建Azure DevTest Lab VM”步骤中失败,并且似乎是由于我的密钥库丢失所致。但是在检查了我的密钥库之后,我的秘密存储在其中了,并且权限应该没有问题。

不确定消息“未为用户设置秘密存储”。就是说,这是否意味着我的帐户和密钥库之间存在关联问题?我该如何验证?谢谢。

Run Pipeline Result

代理程序作业:创建DevTest Labs VM

Agent job: Create Devtest Lab VM

Win7entx64.json 

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion": "1.0.0.0","parameters": {
    "newVMName": {
        "defaultValue": "win7entx64","type": "String"
    },"labName": {
        "defaultValue": "my_lab","size": {
        "defaultValue": "Standard_A3","userName": {
        "defaultValue": "trendkj","password": {
        "type": "securestring","defaultValue": "[[[VmPassword]]"
    }
},"variables": {
    "labsubnetName": "[concat(variables('labVirtualNetworkName'),'subnet')]","labVirtualNetworkId": "[resourceId('Microsoft.DevTestLab/labs/virtualnetworks',parameters('labName'),variables('labVirtualNetworkName'))]","labVirtualNetworkName": "[concat('Dtl',parameters('labName'))]","vmId": "[resourceId ('Microsoft.DevTestLab/labs/virtualmachines',parameters('newVMName'))]","vmName": "[concat(parameters('labName'),'/',parameters('newVMName'))]"
},"resources": [
    {
        "type": "Microsoft.DevTestLab/labs/virtualmachines","apiVersion": "2018-10-15-preview","name": "[variables('vmName')]","location": "westus","properties": {
            "labVirtualNetworkId": "[variables('labVirtualNetworkId')]","notes": "Windows 7 Enterprise","galleryImageReference": {
                "offer": "windows-7","publisher": "microsoftwindowsdesktop","sku": "win7-enterprise","osType": "Windows","version": "latest"
            },"size": "[parameters('size')]","userName": "[parameters('userName')]","password": "[parameters('password')]","isAuthenticationWithSshKey": false,"labsubnetName": "[variables('labsubnetName')]","disallowPublicIpAddress": true,"storageType": "Standard","allowClaim": false
        }
    }
],"outputs": {
    "labVMId": {
        "type": "String","value": "[variables('vmId')]"
    }
}

}

我在密钥保管箱中的秘密

My secret in the Key Vault

密钥保管箱中的我的访问策略

My Access Policy in the Key Vault

解决方法

根据您对臂模板"defaultValue": "[[[VmPassword]]"中的键值的引用,您应该使用secret saved in DevTest Lab。页面如下所示。

enter image description here

如果您要按照问题所示在“密钥库”页面中使用机密,则手臂模板中的引用应如下所示:

"sqlAdministratorLoginPassword": {      
      "reference": {
          "keyVault": {
            "id": "/subscriptions/25abd97b-44a3-4092-8337-xxxx/resourceGroups/mykeyvault/providers/Microsoft.KeyVault/vaults/cmkvtest"
          },"secretName": "sqlpassword"
        }       
    }

关于此内容,请参阅此artifact的“ 3.将密钥密钥秘密添加到您的手臂模板”部分。

,

您是否缺少“]”?

[[[VmPassword]] --> [[[VmPassword]]]]

arm-templateazureazureazureazure-devtest-labsazure-pipelinescloud