Exporting Resource Groups that contain VM extensions

Azure Resource Groups can be exported into a new Resource Manager template that can then be redeployed. The export process interprets existing resources and creates a Resource Manager template that, when deployed, results in a similar Resource Group. When using the Resource Group export option against a Resource Group containing Virtual Machine extensions, several items need to be considered, such as extension compatibility and protected settings.

This document details how the Resource Group export process works regarding virtual machine extensions, including a list of supported extensions, and details on handling secured data.

Supported Virtual Machine Extensions

Many Virtual Machine extensions are available. Not all extensions can be exported into a Resource Manager template using the "Automation Script" feature. If a virtual machine extension is not supported, it needs to be manually placed back into the exported template.

The following extensions can be exported with the automation script feature.

Acronis Backup, Acronis Backup Linux, Bg Info, BMC CTM Agent Linux, BMC CTM Agent Windows, Chef Client, Custom Script, Custom Script Extension, Custom Script for Linux, Datadog Linux Agent, Datadog Windows Agent, Docker Extension, DSC Extension, Dynatrace Linux, Dynatrace Windows, HPE Security Application Defender, IaaS Antimalware, IaaS Diagnostics, Linux Chef Client, Linux Diagnostic, OS Patching For Linux, Puppet Agent, Site 24x7 Apm Insight, Site 24x7 Linux Server, Site 24x7 Windows Server, Trend Micro DSA, Trend Micro DSA Linux, VM Access For Linux, VM Snapshot, VM Snapshot Linux

Export the Resource Group

To export a Resource Group into a reusable template, complete the following steps:

  1. Sign in to the Azure portal
  2. On the Hub Menu, click Resource Groups
  3. Select the target resource group from the list
  4. In the Resource Group blade, click Automation Script


The Azure Resource Manager automation script produces a Resource Manager template, a parameters file, and several sample deployment scripts such as PowerShell and Azure CLI. At this point, the exported template can be downloaded using the download button, added as a new template to the template library, or redeployed using the deploy button.

Configure protected settings

Many Azure virtual machine extensions include a protected settings configuration that encrypts sensitive data such as credentials and configuration strings. Protected settings are not exported with the automation script. If necessary, protected settings need to be reinserted into the exported template.

Step 1 - Remove template parameter

When the Resource Group is exported, a single template parameter is created to provide a value to the exported protected settings. This parameter can be removed. To remove the parameter, look through the parameter list and delete the parameter that looks similar to this JSON example.

"extensions_extensionname_protectedSettings": {
    "defaultValue": null,
    "type": "SecureObject"
}

Step 2 - Get protected settings properties

Because each protected setting has a set of required properties, a list of these properties needs to be gathered. Each parameter of the protected settings configuration can be found in the Azure Resource Manager schema on GitHub. This schema only includes the parameter sets for the extensions listed in the overview section of this document.

From within the schema repository, search for the desired extension, for this example IaaSDiagnostics. Once the extension's protectedSettings object has been located, take note of each parameter. In the example of the IaaSDiagnostics extension, the required parameters are storageAccountName, storageAccountKey, and storageAccountEndPoint.

"protectedSettings": {
    "type": "object",
    "properties": {
        "storageAccountName": {
            "type": "string"
        },
        "storageAccountKey": {
            "type": "string"
        },
        "storageAccountEndPoint": {
            "type": "string"
        }
    },
    "required": [
        "storageAccountName",
        "storageAccountKey",
        "storageAccountEndPoint"
    ]
}

Step 3 - Re-create the protected configuration

On the exported template, search for protectedSettings and replace the exported protected setting object with a new one that includes the required extension parameters and a value for each one.

In the example of the IaaSDiagnostics extension, the new protected setting configuration would look like the following example:

"protectedSettings": {
    "storageAccountName": "[parameters('storageAccountName')]",
    "storageAccountKey": "[parameters('storageAccountKey')]",
    "storageAccountEndPoint": "https://core.chinacloudapi.cn"
}

The final extension resource looks similar to the following JSON example:

{
    "name": "Microsoft.Insights.VMDiagnosticsSettings",
    "type": "extensions",
    "location": "[resourceGroup().location]",
    "apiVersion": "[variables('apiVersion')]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
    ],
    "tags": {
        "displayName": "AzureDiagnostics"
    },
    "properties": {
        "publisher": "Microsoft.Azure.Diagnostics",
        "type": "IaaSDiagnostics",
        "typeHandlerVersion": "1.5",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "xmlCfg": "[base64(concat(variables('wadcfgxstart'), variables('wadmetricsresourceid'), variables('vmName'), variables('wadcfgxend')))]",
            "storageAccount": "[parameters('existingdiagnosticsStorageAccountName')]"
        },
        "protectedSettings": {
            "storageAccountName": "[parameters('storageAccountName')]",
            "storageAccountKey": "[parameters('storageAccountKey')]",
            "storageAccountEndPoint": "https://core.chinacloudapi.cn"
        }
    }
}

If template parameters are used to provide property values, those parameters need to be created. When creating template parameters for protected setting values, make sure to use the SecureString parameter type so that sensitive values are secured. For more information on using parameters, see Authoring Azure Resource Manager templates.

In the example of the IaaSDiagnostics extension, the following parameters would be created in the parameters section of the Resource Manager template.

"storageAccountName": {
    "defaultValue": null,
    "type": "SecureString"
},
"storageAccountKey": {
    "defaultValue": null,
    "type": "SecureString"
}

At this point, the template can be deployed using any template deployment method.
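The three steps above can be scripted and checked before deployment. The following Python sketch is an added example, not part of the original document or of any Azure tooling: it applies steps 1 to 3 to a constructed sample template and lints the result so that secret values are only ever supplied through SecureString parameters. The function names, the sample template, and the assumption that the exported protectedSettings value is a reference to the placeholder parameter are illustrative; only top-level extension resources are handled.

```python
import json
import re

REQUIRED = ("storageAccountName", "storageAccountKey", "storageAccountEndPoint")  # from the schema
SECRETS = ("storageAccountName", "storageAccountKey")  # passed as SecureString parameters
PARAM_REF = re.compile(r"\[parameters\('([^']+)'\)\]")
# Constructed sample of an exported template (not real export output).
EXPORTED = json.loads("""{
  "parameters": {
    "extensions_extensionname_protectedSettings": {"defaultValue": null, "type": "SecureObject"}
  },
  "resources": [{
    "type": "extensions",
    "properties": {
      "type": "IaaSDiagnostics",
      "protectedSettings": "[parameters('extensions_extensionname_protectedSettings')]"
    }
  }]
}""")

def extension_props(template, ext_type):
    """Properties of top-level extension resources of the given type."""
    return [r["properties"] for r in template.get("resources", [])
            if r.get("properties", {}).get("type") == ext_type]

def reinsert_protected_settings(template, ext_type="IaaSDiagnostics"):
    """Steps 1-3: drop the placeholder parameter, rebuild protectedSettings, add SecureStrings."""
    params = template.setdefault("parameters", {})
    for name in [n for n in params if n.endswith("_protectedSettings")]:
        del params[name]  # step 1: exported SecureObject placeholder
    for props in extension_props(template, ext_type):
        settings = {k: f"[parameters('{k}')]" for k in SECRETS}
        settings["storageAccountEndPoint"] = "https://core.chinacloudapi.cn"
        props["protectedSettings"] = settings  # step 3
    for name in SECRETS:
        params[name] = {"defaultValue": None, "type": "SecureString"}
    return template

def lint(template, ext_type="IaaSDiagnostics"):
    """Findings: missing required properties, or secrets not bound to a SecureString parameter."""
    findings, params = [], template.get("parameters", {})
    for props in extension_props(template, ext_type):
        ps = props.get("protectedSettings")
        ps = ps if isinstance(ps, dict) else {}  # the exported placeholder is a string
        findings += [f"missing required property {k}" for k in REQUIRED if k not in ps]
        for k in SECRETS:
            m = PARAM_REF.fullmatch(str(ps.get(k, "")))
            if not m or params.get(m.group(1), {}).get("type", "").lower() != "securestring":
                findings.append(f"{k} is not a SecureString parameter reference")
    return findings
```

Running `lint` on the template before committing it catches a storage account key pasted in as a literal, which would otherwise sit in plain text in source control.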