Azure VM deployment with DSC - passing parameters to the configuration

Time: 2019-06-06 00:35:01

Tags: azure powershell automation dsc

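I am working on my first AzureRM / DSC template project by customizing the Azure deployment template located at: https://github.com/Azure/azure-quickstart-templates/tree/master/201-vmss-automation-dsc

To do this, I modified WindowsIISServerConfig.ps1 to add some Windows features, as well as the ability to download a certificate and install it. The problem is that I don't know how to pass the certificate's credential into this configuration.

Here is my code... How do I pass the $certPass parameter?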

configuration WindowsIISServerConfig
{

    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        $certPass
    )

    Import-DscResource -ModuleName 'xWebAdministration'
    Import-DscResource -ModuleName 'xPSDesiredStateConfiguration'
    Import-DscResource -ModuleName 'CertificateDsc'
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'    

    WindowsFeature WebServer
    {
        Ensure  = 'Present'
        Name    = 'Web-Server'
    }

    WindowsFeature WebManagement
    {
        Ensure  = 'Present'
        Name    = 'Web-Mgmt-Console'
        DependsOn = '[WindowsFeature]WebServer'
    }

    WindowsFeature WebASPNet47
    {
        Ensure  = 'Present'
        Name    = 'Web-Asp-Net45'
        DependsOn = '[WindowsFeature]WebServer'
    }

    WindowsFeature WebNetExt
    {
        Ensure  = 'Present'
        Name    = 'Web-Net-Ext45'
        DependsOn = '[WindowsFeature]WebServer'
    }

    # IIS Site Default Settings
    xWebSiteDefaults SiteDefaults
    {
        ApplyTo                 = 'Machine'
        LogFormat               = 'IIS'
        LogDirectory            = 'C:\inetpub\logs\LogFiles'
        TraceLogDirectory       = 'C:\inetpub\logs\FailedReqLogFiles'
        DefaultApplicationPool  = 'DefaultAppPool'
        AllowSubDirConfig       = 'true'
        DependsOn               = '[WindowsFeature]WebServer'
    }

    # IIS App Pool Default Settings
    xWebAppPoolDefaults PoolDefaults
    {
       ApplyTo               = 'Machine'
       ManagedRuntimeVersion = 'v4.0'
       IdentityType          = 'ApplicationPoolIdentity'
       DependsOn             = '[WindowsFeature]WebServer'
    }

    # Get SSL cert file from Azure Storage using SAS URI
    xRemoteFile CertPfx
    {
        Uri = "https://example.blob.core.windows.net/resources/cert.pfx?sp=r&st=2019-06-02T22:00:11Z&se=2019-07-03T06:00:11Z&spr=https&sv=2018-03-28&sig=xxxxxx&sr=b"
        DestinationPath = "C:\temp\cert.pfx"
    }

    # Import the PFX file which was downloaded to local path
    PfxImport ImportCertPFX
    {
        Ensure     = "Present"
        DependsOn  = "[xRemoteFile]CertPfx"
        Thumbprint = "c124bf740b256316bd756g689140d6ff3dcdd65f"
        Path       = "c:\temp\cert.pfx"
        Location   = "LocalMachine"
        Store      = "WebHosting"
        Credential = $certPass
    }

}

2 answers:

Answer 0: (score: 1)

If you are using a template, you can follow this example. In short, you need to create a credential variable:

    {
      "name": "[concat(parameters('accountName'), '/', parameters('variableName')) ]",
      "type": "microsoft.automation/automationAccounts/Variables",
      "apiVersion": "2015-01-01-preview",
      "tags": { },
      "dependsOn": [ xxx ],
      "properties": {
        "isEncrypted": 0,
        "type": "[parameters('variableType')]",
        "value": "[parameters('variableValue')]"
      }
    },

and reference it at compile time; if you do this in your code, you will automatically get the variable value:

$domainCreds = Get-AutomationPSCredential -Name 'domainCreds'

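I think, alternatively, you can pass them in the properties.parameters field (description). Ah, wait, you are talking about credentials; I'm not sure whether that is supported.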
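
One way to wire up the approach from the answer above with the AzureRM cmdlets, as an added example that is not part of the original answer or of the quickstart template. The resource group, Automation account and credential asset names are placeholders, and it assumes the configuration compiles to the `localhost` node because it has no `Node` block.

```powershell
# Placeholder names (assumptions, not taken from the original post).
$resourceGroup = 'my-resource-group'
$accountName   = 'my-automation-account'
$credAssetName = 'CertPfxPassword'

# 1. Store the PFX password as an Automation credential asset, which is
#    kept encrypted at rest (unlike a variable created with isEncrypted = 0).
#    PfxImport only uses the password; the user name is a dummy value.
$securePass = Read-Host -Prompt 'PFX password' -AsSecureString
$pfxCred    = New-Object System.Management.Automation.PSCredential ('pfx', $securePass)

New-AzureRmAutomationCredential `
    -ResourceGroupName     $resourceGroup `
    -AutomationAccountName $accountName `
    -Name                  $credAssetName `
    -Value                 $pfxCred

# 2. MOF generation refuses PSCredential values unless plain text is
#    explicitly allowed for the node. Azure Automation encrypts the
#    compiled node configuration it stores.
$configData = @{
    AllNodes = @(
        @{
            NodeName                    = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

# 3. Compile the configuration. For a [PSCredential] parameter the value
#    passed here is the NAME of the credential asset; the service resolves
#    it to the credential during compilation. The alternative from the
#    answer is to drop the parameter and call
#    Get-AutomationPSCredential -Name $credAssetName inside the configuration.
Start-AzureRmAutomationDscCompilationJob `
    -ResourceGroupName     $resourceGroup `
    -AutomationAccountName $accountName `
    -ConfigurationName     'WindowsIISServerConfig' `
    -Parameters            @{ certPass = $credAssetName } `
    -ConfigurationData     $configData
```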

Answer 1: (score: 0)

According to the official CertificateDsc repository: https://github.com/PowerShell/CertificateDsc/blob/dev/Examples/Resources/PfxImport/2-PfxImport_InstallPFX_Config.ps1

your solution seems to work.

Did you get any errors from running this?