本文介绍如何使用 Azure 资源管理器模板(ARM 模板)将 虚拟机(VM)扩展 部署到已启用 Azure Arc 的服务器。
若要使用 ARM 模板将扩展部署到已启用 Arc 的服务器,请将扩展添加到模板,并使用模板部署执行它们。 可以使用 Azure PowerShell 在 Linux 或 Windows 连接的计算机上部署扩展。
本文介绍如何使用模板文件将多个不同的 VM 扩展部署到已启用 Arc 的服务器,以及一些扩展的单独参数文件。 在部署之前,将示例中的示例值替换为自己的值。
这些示例 PowerShell 命令根据 ARM 模板中的信息,在资源组中的所有已连接计算机上安装扩展。 该命令使用 TemplateFile 参数来指定模板。 如果需要参数文件, TemplateParameterFile 则包含参数以指定包含参数和参数值的文件。 将占位符替换为部署的相应值。
若要部署 ARM 模板和参数文件,请使用以下命令,将示例值替换为你自己的值:
New-AzResourceGroupDeployment -ResourceGroupName "<resource-group-name>" -TemplateFile "<template-filename.json>" -TemplateParameterFile "<parameter-filename.json>"
例如:
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\AzureMonitorAgent.json" -TemplateParameterFile "D:\Azure\Templates\AzureMonitorAgentParms.json"
若要在没有参数文件的情况下部署 ARM 模板,请使用以下命令,将示例值替换为你自己的值:
New-AzResourceGroupDeployment -ResourceGroupName "<resource-group-name>" -TemplateFile "<template-filename.json>>"
例如:
New-AzResourceGroupDeployment -ResourceGroupName "<ContosoEngineering>" -TemplateFile "D:\Azure\Templates\DependencyAgent.json"
若要部署 Azure Monitor 代理,请使用以下示例模板之一在 Linux 或 Windows 上安装代理。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
"workspaceKey": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/AzureMonitorLinuxAgent')]",
"type": "Microsoft.Compute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2021-11-01",
"properties": {
"publisher": "Microsoft.Azure.Monitor",
"type": "AzureMonitorLinuxAgent",
"enableAutomaticUpgrade": true,
"settings": {
"workspaceId": "[parameters('workspaceId')]"
},
"protectedSettings": {
"workspaceKey": "[parameters('workspaceKey')]"
}
}
}
]
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
"workspaceKey": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/AzureMonitorWindowsAgent')]",
"type": "Microsoft.Compute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2021-11-01",
"properties": {
"publisher": "Microsoft.Azure.Monitor",
"type": "AzureMonitorWindowsAgent",
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": true,
"settings": {
"workspaceId": "[parameters('workspaceId')]"
},
"protectedSettings": {
"workspaceKey": "[parameters('workspaceKey')]"
}
}
}
]
}
此参数文件可用于 Linux 和 Windows。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"value": "<vmName>"
},
"location": {
"value": "<region>"
},
"workspaceId": {
"value": "<MyWorkspaceID>"
},
"workspaceKey": {
"value": "<MyWorkspaceKey>"
}
}
}
保存模板和参数文件,并使用部署的适当值编辑参数文件。 然后,通过运行本文前面找到的 PowerShell 部署命令 ,将 Azure Monitor 代理扩展安装到已连接的计算机。
若要使用自定义脚本扩展,请为 Linux 和 Windows 部署以下示例模板之一。 有关自定义脚本扩展的信息,请参阅 适用于 Linux 的自定义脚本扩展 或 适用于 Windows 的自定义脚本扩展。 在将此扩展与混合计算机一起使用时,应了解一些不同的特征:
- Azure VM 自定义脚本扩展支持的作系统列表不适用于已启用 Azure Arc 的服务器。 请参阅已启用 Azure Arc 的服务器支持的操作系统列表。
- 有关通过经典部署模型创建的 Azure 虚拟机规模集或 VM 的配置详细信息不适用。
- 如果计算机需要在外部下载脚本并且只能通过代理服务器进行通信,则需要配置已连接的计算机代理来设置代理服务器环境变量。
自定义脚本扩展配置指定脚本位置和要运行命令等设置。 此配置在以下模板中指定。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"fileUris": {
"type": "array"
},
"commandToExecute": {
"type": "securestring"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/CustomScript')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"autoUpgradeMinorVersion": true,
"settings": {},
"protectedSettings": {
"commandToExecute": "[parameters('commandToExecute')]",
"fileUris": "[parameters('fileUris')]"
}
}
}
]
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"fileUris": {
"type": "string"
},
"arguments": {
"type": "securestring",
"defaultValue": " "
}
},
"variables": {
"UriFileNamePieces": "[split(parameters('fileUris'), '/')]",
"firstFileNameString": "[variables('UriFileNamePieces')[sub(length(variables('UriFileNamePieces')), 1)]]",
"firstFileNameBreakString": "[split(variables('firstFileNameString'), '?')]",
"firstFileName": "[variables('firstFileNameBreakString')[0]]"
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/CustomScriptExtension')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": "[split(parameters('fileUris'), ' ')]"
},
"protectedSettings": {
"commandToExecute": "[concat ('powershell -ExecutionPolicy Unrestricted -File ', variables('firstFileName'), ' ', parameters('arguments'))]"
}
}
}
]
}
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"basics": [
{}
],
"steps": [
{
"name": "customScriptExt",
"label": "Add Custom Script Extension",
"elements": [
{
"name": "fileUris",
"type": "Microsoft.Common.FileUpload",
"label": "Script files",
"toolTip": "The script files that will be downloaded to the virtual machine.",
"constraints": {
"required": false
},
"options": {
"multiple": true,
"uploadMode": "url"
},
"visible": true
},
{
"name": "commandToExecute",
"type": "Microsoft.Common.TextBox",
"label": "Command",
"defaultValue": "sh script.sh",
"toolTip": "The command to execute, for example: sh script.sh",
"constraints": {
"required": true
},
"visible": true
}
]
}
],
"outputs": {
"vmName": "[vmName()]",
"location": "[location()]",
"fileUris": "[steps('customScriptExt').fileUris]",
"commandToExecute": "[steps('customScriptExt').commandToExecute]"
}
}
}
保存模板和参数文件,并使用部署的适当值编辑参数文件。 然后,通过运行本文前面找到的 PowerShell 部署命令 ,将自定义脚本扩展安装到连接的计算机上。
若要使用 Azure Monitor 依赖项代理扩展,请针对 Linux 和 Windows 运行以下示例之一。 有关依赖项代理的详细信息,请参阅 Azure Monitor 代理概述。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of existing Linux machine."
}
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/DAExtension')]",
"apiVersion": "2022-03-10",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentLinux",
"enableAutomaticUpgrade": true
}
}
],
"outputs": {
}
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of existing Windows machine."
}
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/DAExtension')]",
"apiVersion": "2022-03-10",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentWindows",
"enableAutomaticUpgrade": true
}
}
],
"outputs": {
}
}
保存模板,然后运行本文前面找到的 PowerShell 部署命令 ,将依赖项代理扩展安装到连接的计算机上。
以下 JSON 显示了 Azure Key Vault 扩展的架构。 此扩展不需要受保护的设置,因为其所有设置都被视为公共信息。 该扩展需要受监视的证书列表、轮询频率和目标证书存储。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"autoUpgradeMinorVersion":{
"type": "bool"
},
"pollingIntervalInS":{
"type": "int"
},
"certificateStoreName":{
"type": "string"
},
"certificateStoreLocation":{
"type": "string"
},
"observedCertificates":{
"type": "string"
},
"msiEndpoint":{
"type": "string"
},
"msiClientId":{
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/KVVMExtensionForLinux')]",
"apiVersion": "2022-03-10",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForLinux",
"enableAutomaticUpgrade": true,
"settings": {
"secretsManagementSettings": {
"pollingIntervalInS": <polling interval in seconds, e.g. "3600">,
"certificateStoreName": <ignored on linux>,
"certificateStoreLocation": <disk path where certificate is stored, default: "/var/lib/waagent/Microsoft.Azure.KeyVault">,
"observedCertificates": <list of KeyVault URIs representing monitored certificates, e.g.: "https://myvault.vault.azure.cn/secrets/mycertificate"
},
"authenticationSettings": {
"msiEndpoint": "http://localhost:40342/metadata/identity"
}
}
}
}
]
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"autoUpgradeMinorVersion":{
"type": "bool"
},
"pollingIntervalInS":{
"type": "int"
},
"certificateStoreName":{
"type": "string"
},
"linkOnRenewal":{
"type": "bool"
},
"certificateStoreLocation":{
"type": "string"
},
"requireInitialSync":{
"type": "bool"
},
"observedCertificates":{
"type": "string"
},
"msiEndpoint":{
"type": "string"
},
"msiClientId":{
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/KVVMExtensionForWindows')]",
"apiVersion": "2022-03-10",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForWindows",
"enableAutomaticUpgrade": true,
"settings": {
"secretsManagementSettings": {
"pollingIntervalInS": "3600",
"certificateStoreName": <certificate store name, e.g.: "MY">,
"linkOnRenewal": <Only Windows. This feature ensures s-channel binding when certificate renews, without necessitating a re-deployment. e.g.: false>,
"certificateStoreLocation": <certificate store location, currently it works locally only e.g.: "LocalMachine">,
"requireInitialSync": <initial synchronization of certificates e.g.: true>,
"observedCertificates": <list of KeyVault URIs representing monitored certificates, e.g.: "https://myvault.vault.azure.cn"
},
"authenticationSettings": {
"msiEndpoint": "http://localhost:40342/metadata/identity"
}
}
}
}
]
}
注意
你观察到的证书 URL 应采用 https://myVaultName.vault.azure.cn/secrets/myCertName 格式。 这是因为 /secrets 路径会返回完整证书(包括私钥),但 /certificates 路径不会。 有关证书的详细信息,请参阅 Azure Key Vault 密钥、机密和证书概述。
保存模板,并根据您环境的需要进行编辑。 然后,通过运行本文前面找到的 PowerShell 部署命令 ,将 Azure Key Vault 扩展安装到连接的计算机。
提示
Azure Key Vault 扩展需要系统分配的标识才能向 Key Vault 进行身份验证。 有关详细信息,请参阅 使用已启用 Azure Arc 的服务器对 Azure 资源进行身份验证。
- 了解如何使用 Azure PowerShell、 Azure 门户或 Azure CLI 部署、管理和删除 VM 扩展。
- 在故障排除 VM 扩展的指南中浏览故障排除信息。