在App Service Environment中获取内部负载均衡器的IP

Question

我正在开发ARM模板以部署配置了内部负载均衡器（ILB ASE）的App Service Environment v2。有没有办法获取内部负载均衡器从其附加的vnet获取的虚拟IP（VIP）地址作为输出？在配置后通过PowerShell查看ASE的属性时，我看不到IP地址或负载均衡器的属性。

Answer 1

经过大量的研究和测试......目前没有办法将其作为ARM模板的输出。以下是可以收集价值的方式：

1. 通过资源浏览器...虽然这对以编程方式进行操作不是很有帮助，但它确实帮助我找出了其他2种方式

2. 使用PowerShell查询management.azure.com API，但您必须发布具有相应权限的应用，并指定应用在您尝试从

   <查询资源的订阅中拥有权限/ LI>

3. 使用Azure CLI。这种方法最简单。

我需要这个值来完全自动化部署位于ILB ASE前面的App Gateway。我使用Terraform进行部署自动化，并从Azure Cloud Shell运行Terraform配置。我使用shell脚本开始部署，在那里我动态地将存储帐户密钥存储到存储状态文件的存储帐户。然后我查询ILB ASE以获取IP地址并将其设置为一个变量然后传递给Terraform

下面是我使用的shell脚本的副本：

#!/bin/bash
set -eo pipefail

# The block below will grab the access key for the storage account that is used
# to store state files

subscription_name="<my_subscription_name>"
tfstate_storage_resource_group="terraform-state-rg"
tfstate_storage_account="<name_of_statefile_storage_account>"
subscription_id="my_subscription_id>"
ilbase_rg_name="<name_of_resourcegroup_where_ase_is_deployed>"
ilbase_name="<name_of_ase>"

az account set --subscription "$subscription_name"
tfstate_storage_access_key=$(
  az storage account keys list \
  --resource-group "$tfstate_storage_resource_group" \
  --account-name "$tfstate_storage_account" \
  --query '[0].value' -o tsv
)

echo ""
echo "Terraform state storage account access key:"
echo $tfstate_storage_access_key
echo ""

# The block below will get the Virtual IP of the ASE Internal Load Balancer
# which will be used to create the App GW

ilbase_virtual_ip=$(
  az resource show \
  --ids "/subscriptions/$subscription_id/resourceGroups/$ilbase_rg_name/providers/Microsoft.Web/hostingEnvironments/$ilbase_name/capacities/virtualip" \
  --query "additionalProperties.internalIpAddress"
)

echo ""
echo "ASE internal load balancer IP:"
echo $ilbase_virtual_ip
echo ""

terraform plan \
  -var "tfstate_access_key=$tfstate_storage_access_key" \
  -var "ilbase_virtual_ip=$ilbase_virtual_ip"

Answer 2

您可以使用以下输出：

"outputs": {
      "privateIp": {
        "type": "string",
          "value": "[reference(parameters('lbname')).frontendIPConfigurations[0].properties.privateIPAddress]"
      }
    }

这是我的模板，创建一个Vnet和一个内部负载均衡器：

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vnetName": {
      "type": "string",
      "defaultValue": "VNet1",
      "metadata": {
        "description": "VNet name"
      }
    },
    "vnetAddressPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "Address prefix"
      }
    },
    "subnet1Prefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": {
        "description": "Subnet 1 Prefix"
      }
    },
    "subnet1Name": {
      "type": "string",
      "defaultValue": "Subnet1",
      "metadata": {
        "description": "Subnet 1 Name"
      }
    },
    "subnet2Prefix": {
      "type": "string",
      "defaultValue": "10.0.1.0/24",
      "metadata": {
        "description": "Subnet 2 Prefix"
      }
    },
    "subnet2Name": {
      "type": "string",
      "defaultValue": "Subnet2",
      "metadata": {
        "description": "Subnet 2 Name"
      }
    },
    "lbname": {
      "defaultValue": "jasonlbb",
      "type": "String"
    }
    },
"variables": {
    "virtualnetworkname" : "vnet1",
    "apiVersion": "2015-06-15",
    "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualnetworkname'))]",
    "subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]"
},
  "resources": [
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[parameters('vnetName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetAddressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnet1Name')]",
            "properties": {
              "addressPrefix": "[parameters('subnet1Prefix')]"
            }
          },
          {
            "name": "[parameters('subnet2Name')]",
            "properties": {
              "addressPrefix": "[parameters('subnet2Prefix')]"
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2015-05-01-preview",
      "type": "Microsoft.Network/loadBalancers",
      "name": "[parameters('lbname')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[variables('vnetID')]"
      ],
      "properties": {
        "frontendIPConfigurations": [
          {
            "properties": {
              "subnet": {
                "id": "[variables('subnetRef')]"
              },
              "privateIPAllocationMethod": "Dynamic"
            },
            "name": "LoadBalancerFrontend"
          }
        ],
        "backendAddressPools": [
          {
            "name": "BackendPool1"
          }
        ],
        "loadBalancingRules": [
          {
            "properties": {
              "frontendIPConfiguration": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbname')), '/frontendIpConfigurations/LoadBalancerFrontend')]"
              },
              "backendAddressPool": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbname')), '/backendAddressPools/BackendPool1')]"
              },
              "probe": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('lbname')), '/probes/lbprobe')]"
              },
              "protocol": "Tcp",
              "frontendPort": 80,
              "backendPort": 80,
              "idleTimeoutInMinutes": 15
            },
            "Name": "lbrule"
          }
        ],
        "probes": [
          {
            "properties": {
              "protocol": "Tcp",
              "port": 80,
              "intervalInSeconds": 15,
              "numberOfProbes": 2
            },
            "name": "lbprobe"
          }
        ]
      } 
    }
  ],
  "outputs": {
      "privateIp": {
        "type": "string",
          "value": "[reference(parameters('lbname')).frontendIPConfigurations[0].properties.privateIPAddress]"
      }
    }
}

以下是有关结果的屏幕截图：

希望这有帮助。

Answer 3

如果您使用的是Terraform，这就是我的工作方式。必须使用Terraform中的外部数据源以及Azure CLI和jq来解决Azure和Terraform外部数据提供程序中的错误。

# As of writing, the ASE ARM deployment don’t return the IP address of the ILB
# ASE. This workaround querys Azure’s API to get the values we need for use
# elsewhere in the script.
# See this https://stackoverflow.com/a/49436100
data “external” “app_service_environment_ilb_ase_ip_address” {
  # This calls the Azure CLI then passes the value to jq to return JSON as a single
  # string so that external provider can parse it properly. Otherwise you get an
  # error. See this bug https://github.com/terraform-providers/terraform-provider-external/issues/23
  program = [“bash”, “-c”, “az resource show --ids ${local.app_service_environment_id}/capacities/virtualip --query ‘{internalIpAddress: internalIpAddress}’ | jq -c”]

  # Explicit dependency on the ASE ARM deployment because this command will fail
  # if that resource isn’t built yet.
  depends_on = [azurerm_template_deployment.ase]
}