Error while creating a new VM, subnet and NSG in an existing VNet

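I am trying to deploy a new virtual machine in a new subnet with a new NSG, but I get an error when deploying the template.

We are an MSP that builds custom software called "SoftWare" for our customers, and we want to host it in Azure.

My current setup is as follows*:

  • A resource group named Contoso.Cloud
  • A virtual network, also called Contoso.Cloud, with the address space 10.2.0.0/16
  • A subnet hosting our backend services (such as Active Directory), with the prefix 10.2.10.0/24.
  • All resources are deployed in the same resource group

My goal with this template is to deploy a new subnet and NSG in the Contoso.Cloud vnet every time a new client VM is created.

*Names have been sanitized for security reasons

This is my template: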

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "adminUsername": {
            "type": "String",
            "metadata": {
                "description": "Username for the Virtual Machine."
            }
        },
        "adminPassword": {
            "type": "SecureString",
            "metadata": {
                "description": "Password for the Virtual Machine."
            }
        },
        "vmSize": {
            "defaultValue": "Standard_F2s_v2",
            "allowedValues": [
                "Standard_F2s_v2",
                "Standard_F4s_v2"
            ],
            "type": "String",
            "metadata": {
                "description": "Size of the virtual machine."
            }
        },
        "clientCode": {
            "type": "String",
            "metadata": {
                "description": "Please enter the ID of the clinic."
            }
        },
        "clientName": {
            "type": "String",
            "metadata": {
                "description": "Please enter the code of the clinic."
            }
        },
        "addressPrefix": {
            "defaultValue": "10.2.0.0/16",
            "allowedValues": [
                "10.2.0.0/16"
            ],
            "type": "String",
            "metadata": {
                "description": "Please enter the vnet address prefix here."
            }
        },
        "subnetPrefix": {
            "type": "String",
            "metadata": {
                "description": "Please enter the subnet prefix here."
            }
        }
    },
    "variables": {
        "storageAccountName": "ContosoStorageTST",
        "nicName": "[concat(toLower(variables('vmName')), '-', uniqueString(resourceGroup().id))]",
        "addressPrefix": "[parameters('addressPrefix')]",
        "subnetName": "[concat(parameters('clientCode'), '_', parameters('clientName'))]",
        "subnetPrefix": "[parameters('subnetPrefix')]",
        "vmName": "[concat(parameters('clientCode'), '-SoftWare1')]",
        "virtualNetworkName": "Contoso.Cloud",
        "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
        "networkSecurityGroupName": "[concat('SoftWare-NSG-', parameters('clientCode'))]",
        "backendSubnet": "10.2.10.0/24",
        "location": "West Europe"
    },
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2018-11-01",
            "name": "[variables('storageAccountName')]",
            "location": "[variables('location')]",
            "sku": {
                "name": "Standard_LRS"
            },
            "kind": "Storage",
            "properties": {}
        },
        {
            "type": "Microsoft.Network/networkSecurityGroups",
            "apiVersion": "2019-08-01",
            "name": "[variables('networkSecurityGroupName')]",
            "location": "[variables('location')]",
            "properties": {
                "securityRules": [
                    {
                        "name": "allow_RDP_in",
                        "properties": {
                            "protocol": "tcp",
                            "sourcePortRange": "*",
                            "destinationPortRange": "3389",
                            "sourceAddressPrefix": "*",
                            "destinationAddressPrefix": "[parameters('subnetPrefix')]",
                            "access": "Allow",
                            "priority": 500,
                            "direction": "Inbound"
                        }
                    },
                    {
                        "name": "allow_core_to_client",
                        "properties": {
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "22",
                            "sourceAddressPrefix": "[variables('backendSubnet')]",
                            "destinationAddressPrefix": "*",
                            "access": "Allow",
                            "priority": 501,
                            "direction": "Inbound"
                        }
                    },
                    {
                        "name": "allow_client_to_core",
                        "properties": {
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "[parameters('subnetPrefix')]",
                            "destinationAddressPrefix": "[variables('backendSubnet')]",
                            "access": "Allow",
                            "priority": 502,
                            "direction": "Outbound"
                        }
                    },
                    {
                        "name": "deny_client_to_other_clients",
                        "properties": {
                            "protocol": "*",
                            "sourcePortRange": "*",
                            "destinationPortRange": "*",
                            "sourceAddressPrefix": "[variables('addressPrefix')]",
                            "destinationAddressPrefix": "[variables('addressPrefix')]",
                            "access": "Deny",
                            "priority": 4000,
                            "direction": "Outbound"
                        }
                    }
                ]
            }
        },
        {
            "type": "Microsoft.Network/virtualNetworks/subnets",
            "apiVersion": "2018-04-01",
            "name": "[concat(variables('virtualNetworkName'), '/', variables('subnetName'))]",
            "location": "[variables('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
            ],
            "properties": {
                "addressPrefix": "[variables('subnetPrefix')]",
                "networkSecurityGroup": "[variables('networkSecurityGroupName')]"
            }
        },
        {
            "type": "Microsoft.Network/networkInterfaces",
            "apiVersion": "2018-11-01",
            "name": "[variables('nicName')]",
            "location": "[variables('location')]",
            "dependsOn": [
                "[concat('/subscriptions/<subscription-ID>/resourceGroups/SoftWare.Cloud/providers/Microsoft.Network/virtualNetworks/SoftWare.Cloud/subnets/', variables('subnetName'))]"

            ],
            "properties": {
                "ipConfigurations": [
                    {
                        "name": "ipconfig1",
                        "properties": {
                            "privateIPAllocationMethod": "Dynamic",
                            "subnet": {
                                "id": "[variables('subnetRef')]"
                            }
                        }
                    }
                ]
            }
        },
        {
            "type": "Microsoft.Compute/virtualMachines",
            "apiVersion": "2018-10-01",
            "name": "[variables('vmName')]",
            "location": "[variables('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
                "[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]",
                "[concat('/subscriptions/<subscription-ID>/resourceGroups/SoftWare.Cloud/providers/Microsoft.Network/virtualNetworks/SoftWare.Cloud/subnets/', variables('subnetName'))]"
            ],
            "properties": {
                "hardwareProfile": {
                    "vmSize": "[parameters('vmSize')]"
                },
                "osProfile": {
                    "computerName": "[variables('vmName')]",
                    "adminUsername": "[parameters('adminUsername')]",
                    "adminPassword": "[parameters('adminPassword')]"
                },
                "storageProfile": {
                    "imageReference": {
                        "id": "[resourceId('Microsoft.Compute/images', 'SoftWare1-IMAGE-Roles ')]"
                    },
                    "osDisk": {
                        "createOption": "FromImage"
                    }
                },
                "networkProfile": {
                    "networkInterfaces": [
                        {
                            "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
                        }
                    ]
                },
                "diagnosticsProfile": {
                    "bootDiagnostics": {
                        "enabled": false,
                        "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob]"
                    }
                }
            }
        }
    ]
}

These are my parameters:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "value": "admin-local"
    },
    "adminPassword": {
      "value": "myPassword,"
    },
    "vmSize": {
      "value": "Standard_F2s_v2"
    },
    "clientCode": {
      "value": "TST01"
    },
    "clientName": {
      "value": "TST-Example"
    },
    "addressPrefix": {
      "value": "10.2.0.0/16"
    },
    "subnetPrefix": {
      "value": "10.2.20.0/28"
    }
  }
}

The error I receive is:

 "Cannot parse the request. (Code: InvalidRequestFormat)
    - Value for reference id is missing. Path properties.networkSecurityGroup. (Code: MissingJasonReferenceId)

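This leads me to believe that I need an additional reference to the NSG when deploying the subnet, but in every example template I have found, this does not happen. When I use a different template to deploy only the subnet (without an NSG), everything goes fine.

Another problem could be that no vnet is specified on the network interface, but when I look at examples, the only thing they do is use the "dependsOn" option, which is only used when the vnet is created in the same template as the network interface. That is not the case here.

Answer 1

Your problem is this line in the subnet configuration:

"networkSecurityGroup": "[variables('networkSecurityGroupName')]"

You need the full resource ID of the NSG, not the name.

Change it to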

"networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" }
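
An added example (not part of the original answer, and not Azure tooling): a pre-deployment check in Python, run over a constructed excerpt of the question's template. It flags sub-resource references such as `networkSecurityGroup` that are a bare string rather than an object carrying an `id`, and also flags inbound Allow rules open to any source, as `allow_RDP_in` is. The names `REF_KEYS`, `OPEN_SOURCES`, `bad_refs` and `lint` are invented for this example, and it assumes the ARM subnet schema, in which `networkSecurityGroup` is an object whose `id` holds the resource ID.

```python
import json

# Constructed excerpt of the question's template: the subnet passes the NSG
# name as a bare string, and the NSG admits RDP from any source address.
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/networkSecurityGroups",
   "name": "[variables('networkSecurityGroupName')]",
   "properties": {"securityRules": [
     {"name": "allow_RDP_in", "properties": {
       "destinationPortRange": "3389", "sourceAddressPrefix": "*",
       "access": "Allow", "direction": "Inbound"}}]}},
  {"type": "Microsoft.Network/virtualNetworks/subnets",
   "name": "[concat(variables('virtualNetworkName'), '/', variables('subnetName'))]",
   "properties": {
     "addressPrefix": "[variables('subnetPrefix')]",
     "networkSecurityGroup": "[variables('networkSecurityGroupName')]"}}
]}
""")

REF_KEYS = {"networkSecurityGroup", "subnet", "routeTable"}  # keys this example checks
OPEN_SOURCES = {"*", "Internet", "0.0.0.0/0"}                # "any source" spellings

def bad_refs(node):
    """Yield keys in REF_KEYS whose value is not an object carrying an 'id'."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key in REF_KEYS and not (isinstance(val, dict) and "id" in val):
                yield key
            yield from bad_refs(val)
    elif isinstance(node, list):
        for item in node:
            yield from bad_refs(item)

def lint(template):
    """Return (resource type, finding) tuples for both checks."""
    findings = []
    for res in template.get("resources", []):
        props = res.get("properties", {})
        for key in bad_refs(props):
            findings.append((res["type"], f"{key} must be an object with an 'id'"))
        for rule in props.get("securityRules", []):
            p = rule.get("properties", {})
            if (p.get("access") == "Allow" and p.get("direction") == "Inbound"
                    and p.get("sourceAddressPrefix") in OPEN_SOURCES):
                findings.append((res["type"], f"{rule['name']}: inbound Allow from any source"))
    return findings

if __name__ == "__main__":
    for finding in lint(TEMPLATE):
        print(*finding, sep=": ")
```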
