使用ARM模板和DSC部署Azure VM和用户

Question

我第一次看到创建DSC (理想的状态配置)与ARM (Azure Resource )模板一起部署Windows 2016和其他本地用户帐户。到目前为止，ARM模板工作良好，对于DSC文件，我使用简单的示例来测试功能。在我试图传递用户名/密码以便创建本地Windows用户帐户之前，部署工作正常。我似乎根本无法使这个函数工作(见下面的错误消息)。

我的问题是，如何使用ARM模板将凭据(密码)传递给DSC (mof)文件，从而无需显式地允许纯文本密码(这不是一个好做法)就可以创建用户？

这就是我尝试过的：

DSC文件

Configuration xUser_CreateUserConfig {
[CmdletBinding()]

Param (

    [Parameter(Mandatory = $true)]
    [string]
    $nodeName,

    [Parameter(Mandatory = $true)]
    [System.Management.Automation.PSCredential]
    [System.Management.Automation.Credential()]
    $Credential
)

Import-DscResource -ModuleName xPSDesiredStateConfiguration

Node $nodeName {
    xUser 'CreateUserAccount' {
        Ensure = 'Present'
        UserName = Split-Path -Path $Credential.UserName -Leaf
        Password = $Credential
    }
}

}

Azure ARM模板片段1方法

"resources": [
      {
          "apiVersion": "2016-03-30",
          "type": "extensions",
          "name": "Microsoft.Powershell.DSC",
          "location": "[parameters('location')]",
          "tags": {
            "DisplayName": "DSC",
            "Dept": "[resourceGroup().tags['Dept']]",
            "Created By": "[parameters('createdBy')]"
          },
          "dependsOn": [
            "[resourceId('Microsoft.Compute/virtualMachines', concat(variables('vmNamePrefix'), copyIndex(1)))]"
          ],
          "properties": {
            "publisher": "Microsoft.Powershell",
            "type": "DSC",
            "typeHandlerVersion": "2.19",
            "autoUpgradeMinorVersion": true,
            "settings": {
              "wmfVersion": "latest",
              "modulesUrl": "[concat(variables('_artifactslocation'), '/', variables('dscArchiveFolder'), '/', variables('dscArchiveFileName'))]",
              "configurationFunction": "xCreateUserDsc.ps1\\xUser_CreateUserConfig",
              "properties": {
                  "nodeName": "[concat(variables('vmNamePrefix'), copyIndex(1))]",
                    "Credential": {
                        "UserName": "[parameters('noneAdminUsername')]",
                        "Password": "PrivateSettingsRef:UserPassword"
                    }
              }
            },
            "protectedSettings": {
              "Items": {
                  "UserPassword": "[parameters('noneAdminUserPassword')]"
              }
            }
          }
        }
    ]

错误消息在终端配置状态“失败”下完成的资源操作。VM在处理扩展“Microsoft.Powershell. has”时报告了故障。错误信息：\“DSC扩展程序收到错误输入:处理配置'xUser_CreateUserConfig‘时出现编译错误。请查看错误流中报告的错误并适当修改配置代码。System.InvalidOperationException错误处理属性”密码“类型为”xUser“：不建议将加密密码转换和存储为纯文本。有关在MOF文件中保护凭据的详细信息，请参阅MSDN博客：http://go.microsoft.com/fwlink/?LinkId=393729。

此错误消息没有帮助。

Azure ARM模板片段第二种方法

"resources": [
    {
        "apiVersion": "2018-10-01",
        "type": "extensions",
        "name": "Microsoft.Powershell.DSC",
        "location": "[parameters('location')]",
        "tags": {
          "DisplayName": "DSC",
          "Dept": "[resourceGroup().tags['Dept']]",
          "Created By": "[parameters('createdBy')]"
        },
        "dependsOn": [
          "[resourceId('Microsoft.Compute/virtualMachines', concat(variables('vmNamePrefix'), copyIndex(1)))]"
        ],
        "properties": {
          "publisher": "Microsoft.Powershell",
          "type": "DSC",
          "typeHandlerVersion": "2.9",
          "autoUpgradeMinorVersion": true,
          "settings": {
            "wmfVersion": "latest",
            "configuration": {
              "url": "[concat(variables('_artifactslocation'), '/', variables('dscArchiveFolder'), '/', variables('dscArchiveFileName'))]",
              "script": "xCreateUserDsc.ps1",
              "function": "xUser_CreateUserConfig"
            },
            "configurationArguments": {
              "nodeName": "[concat(variables('vmNamePrefix'), copyIndex(1))]"
            },
            "privacy": {
              "dataCollection": "Disable"
            }
          },
          "protectedSettings": {
            "configurationArguments": {
              "Credential": {
                "UserName": "[parameters('noneAdminUsername')]",
                "Password": "[parameters('noneAdminUserPassword')]"
              }
            }
          }
        }
      }
  ]

错误消息

VM在处理扩展“Microsoft.Powershell. has”时报告了故障。错误信息：“DSC扩展接收到一个不正确的输入:找不到与参数名称‘$凭证.param’匹配的参数。另一个常见错误是指定没有显式类型的PSCredential类型的参数。请确保在DSC配置中使用类型化参数，例如:配置示例param(PSCredential $UserAccount)。请更正输入并重试执行扩展名。有关故障排除的更多信息，请访问https://aka.ms/VMExtensionDSCWindowsTroubleshoot。

这没什么用！

几天来我一直试图解决这个错误。我搜索了其他示例，但是只能找到部署Web和Microsoft文档的示例，因为它告诉您使用上述两种方法。当方法1是旧的方式时(根据Microsoft)。所以，任何帮助都会非常感谢。

Answer 1

这就是我在配置中设置参数的方式：

# Credentials
[Parameter(Mandatory)]
[System.Management.Automation.PSCredential]$Admincreds,

然后在模板中：

"properties": {
    "publisher": "Microsoft.Powershell",
    "type": "DSC",
    "typeHandlerVersion": "2.19",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "configuration": xxx // doesn't matter for this question
        "configurationArguments": yyy // doesn't matter for this question
    },
    "protectedSettings": {
        "configurationArguments": {
            "adminCreds": {
                "userName": "someValue",
                "password": "someOtherValue"
            }
        }
    }
}

指向工作内容的链接：

Architecture/blob/master/templates/resources/AD/azuredeploy.json#L261

Architecture/blob/master/artifacts/configurationscripts/ad-domain.ps1#L11

ps。您可能还需要执行这。老实说，我不记得了;)