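I am trying to deploy a new virtual machine in a new subnet with a new NSG, but I get an error when deploying the template.
We are an MSP that builds custom software called "SoftWare" for our customers, and we want to host it in Azure.
My current setup is as follows*:
- A resource group named Contoso.Cloud
- A virtual network also called Contoso.Cloud, with address space 10.2.0.0/16
- A subnet hosting our backend services (such as Active Directory), with the prefix 10.2.10.0/24.
- All resources are deployed in the same resource group
My goal with this template is to deploy a new subnet and NSG in the Contoso.Cloud vnet every time a new client VM is created.
*Names have been sanitized for security reasons
This is my template: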
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"type": "String",
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"adminPassword": {
"type": "SecureString",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"vmSize": {
"defaultValue": "Standard_F2s_v2",
"allowedValues": [
"Standard_F2s_v2",
"Standard_F4s_v2"
],
"type": "String",
"metadata": {
"description": "Size of the virtual machine."
}
},
"clientCode": {
"type": "String",
"metadata": {
"description": "Please enter the ID of the clinic."
}
},
"clientName": {
"type": "String",
"metadata": {
"description": "Please enter the code of the clinic."
}
},
"addressPrefix": {
"defaultValue": "10.2.0.0/16",
"allowedValues": [
"10.2.0.0/16"
],
"type": "String",
"metadata": {
"description": "Please enter the vnet address prefix here."
}
},
"subnetPrefix": {
"type": "String",
"metadata": {
"description": "Please enter the subnet prefix here."
}
}
},
"variables": {
"storageAccountName": "ContosoStorageTST",
"nicName": "[concat(toLower(variables('vmName')), '-', uniqueString(resourceGroup().id))]",
"addressPrefix": "[parameters('addressPrefix')]",
"subnetName": "[concat(parameters('clientCode'), '_', parameters('clientName'))]",
"subnetPrefix": "[parameters('subnetPrefix')]",
"vmName": "[concat(parameters('clientCode'), '-SoftWare1')]",
"virtualNetworkName": "Contoso.Cloud",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"networkSecurityGroupName": "[concat('SoftWare-NSG-', parameters('clientCode'))]",
"backendSubnet": "10.2.10.0/24",
"location": "West Europe"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2018-11-01",
"name": "[variables('storageAccountName')]",
"location": "[variables('location')]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-08-01",
"name": "[variables('networkSecurityGroupName')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
{
"name": "allow_RDP_in",
"properties": {
"protocol": "tcp",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "[parameters('subnetPrefix')]",
"access": "Allow",
"priority": 500,
"direction": "Inbound"
}
},
{
"name": "allow_core_to_client",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "[variables('backendSubnet')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 501,
"direction": "Inbound"
}
},
{
"name": "allow_client_to_core",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "[parameters('subnetPrefix')]",
"destinationAddressPrefix": "[variables('backendSubnet')]",
"access": "Allow",
"priority": 502,
"direction": "Outbound"
}
},
{
"name": "deny_client_to_other_clients",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "[variables('addressPrefix')]",
"destinationAddressPrefix": "[variables('addressPrefix')]",
"access": "Deny",
"priority": 4000,
"direction": "Outbound"
}
}
]
}
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2018-04-01",
"name": "[concat(variables('virtualNetworkName'), '/', variables('subnetName'))]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
],
"properties": {
"addressPrefix": "[variables('subnetPrefix')]",
"networkSecurityGroup": "[variables('networkSecurityGroupName')]"
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2018-11-01",
"name": "[variables('nicName')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('/subscriptions/<subscription-ID>/resourceGroups/SoftWare.Cloud/providers/Microsoft.Network/virtualNetworks/SoftWare.Cloud/subnets/', variables('subnetName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2018-10-01",
"name": "[variables('vmName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]",
"[concat('/subscriptions/<subscription-ID>/resourceGroups/SoftWare.Cloud/providers/Microsoft.Network/virtualNetworks/SoftWare.Cloud/subnets/', variables('subnetName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"id": "[resourceId('Microsoft.Compute/images', 'SoftWare1-IMAGE-Roles ')]"
},
"osDisk": {
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": false,
"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob]"
}
}
}
}
]
}
These are my parameters:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"value": "admin-local"
},
"adminPassword": {
"value": "myPassword,"
},
"vmSize": {
"value": "Standard_F2s_v2"
},
"clientCode": {
"value": "TST01"
},
"clientName": {
"value": "TST-Example"
},
"addressPrefix": {
"value": "10.2.0.0/16"
},
"subnetPrefix": {
"value": "10.2.20.0/28"
}
}
}
The error I receive is:
"Cannot parse the request. (Code: InvalidRequestFormat)
- Value for reference id is missing. Path properties.networkSecurityGroup. (Code: MissingJasonReferenceId)
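This leads me to believe that I need an additional reference to the NSG when deploying the subnet, but in every example template I have found, this does not happen. When I use a different template to deploy only the subnet (without the NSG), everything goes fine.
Another problem could be that the vnet is not specified on the network interface, but when I look at examples, the only thing they do is use the "dependsOn" option, which is only used when the vnet is created in the same template as the network interface. That is not the case here.
Answer 1
Your problem is this line in the subnet configuration: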
"networkSecurityGroup": "[variables('networkSecurityGroupName')]"
You need the full resource ID of the NSG, not the name.
Change it to
"networkSecurityGroup": {
  "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
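A pre-deployment check for the mistake discussed in this thread, as an added example that is not part of the original question or answer: it walks a parsed template and reports reference properties given as a bare string where ARM expects an object with an `id`, and also reports inbound allow rules open to any source, such as the question's `allow_RDP_in`. The names `lint`, `walk`, `REFERENCE_KEYS` and the cut-down sample are constructed for illustration, and the key list is an assumption that covers only the references used on this page.

```python
import json

# Constructed sample: one NSG rule and the subnet, cut down from the question's template.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/networkSecurityGroups",
   "properties": {"securityRules": [
     {"name": "allow_RDP_in", "properties": {
        "protocol": "tcp", "destinationPortRange": "3389", "sourceAddressPrefix": "*",
        "access": "Allow", "direction": "Inbound"}}]}},
  {"type": "Microsoft.Network/virtualNetworks/subnets",
   "properties": {
     "addressPrefix": "[variables('subnetPrefix')]",
     "networkSecurityGroup": "[variables('networkSecurityGroupName')]"}}
]}
""")

# Properties ARM expects as a sub-resource reference: {"id": "<full resource ID>"}.
# Assumption: this list covers only the reference properties used on this page.
REFERENCE_KEYS = {"networkSecurityGroup", "subnet"}
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}

def walk(node, path=""):
    """Yield (path, key, value) for every key in nested dicts and lists."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield path, k, v
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")

def lint(template):
    """Return human-readable findings for a parsed ARM template."""
    findings = []
    for path, key, value in walk(template):
        if key in REFERENCE_KEYS and not (isinstance(value, dict) and "id" in value):
            findings.append(f"{path}.{key}: expected an object with 'id', got {type(value).__name__}")
        if key == "securityRules" and isinstance(value, list):
            for rule in value:
                p = rule.get("properties", {})
                if (p.get("direction") == "Inbound" and p.get("access") == "Allow"
                        and p.get("sourceAddressPrefix") in ANY_SOURCE):
                    findings.append(f"{rule.get('name')}: inbound allow from any source "
                                    f"to port {p.get('destinationPortRange')}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run it against the full template with `lint(json.load(open(path)))` before deploying; template expressions are not evaluated, only the shape of each value is checked.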