使用ARM樣本啟用 Azure VM 擴充功能
本文說明如何使用 Azure Resource Manager 範本(ARM 範本)來部署已啟用 Azure Arc 的伺服器支援的 Azure 虛擬機 (VM) 擴充功能。
您可以將 VM 擴充功能新增至 ARM 範本,並使用範本的部署來執行它們。 透過已啟用 Azure Arc 的伺服器支援的 VM 擴充功能,您可以使用 Azure PowerShell 在 Linux 或 Windows 機器上部署擴充功能。 下列每個範例都包含範本檔案和參數檔案,其中包含要提供給範本值。
注意
雖然您可以批處理多個延伸模組並將它們一起處理,但它們會以序列方式安裝。 安裝第一個延伸模組安裝完成之後,就會安裝下一個延伸模組。
已啟用 Azure Arc 的伺服器不支援將 VM 擴充功能部署和管理至 Azure 虛擬機。 如需 Azure VM,請參閱 VM 擴充功能概觀 一文。
部署 Log Analytics VM 延伸模組
若要輕鬆地部署 Log Analytics 代理程式,請使用下列其中一個範例,在 Linux 或 Windows 上安裝代理程式。
Linux 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
"workspaceKey": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/OMSAgentForLinux')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "OmsAgentForLinux",
"enableAutomaticUpgrade": true,
"settings": {
"workspaceId": "[parameters('workspaceId')]"
},
"protectedSettings": {
"workspaceKey": "[parameters('workspaceKey')]"
}
}
}
]
}
Windows 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
"workspaceKey": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/MicrosoftMonitoringAgent')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "MicrosoftMonitoringAgent",
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": true,
"settings": {
"workspaceId": "[parameters('workspaceId')]"
},
"protectedSettings": {
"workspaceKey": "[parameters('workspaceKey')]"
}
}
}
]
}
參數檔案
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"value": "<vmName>"
},
"location": {
"value": "<region>"
},
"workspaceId": {
"value": "<MyWorkspaceID>"
},
"workspaceKey": {
"value": "<MyWorkspaceKey>"
}
}
}
將範本和參數檔案儲存至磁碟,並使用部署的適當值來編輯參數檔案。 接著,您可以使用下列命令,在資源群組內的所有連線機器上安裝擴充功能。 命令會 TemplateFile 使用 參數來指定範本和 TemplateParameterFile 參數,以指定包含參數和參數值的檔案。
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\LogAnalyticsAgent.json" -TemplateParameterFile "D:\Azure\Templates\LogAnalyticsAgentParms.json"
部署自定義腳本擴充功能
若要使用自定義腳本擴充功能,請針對Linux和Windows執行下列其中一個範例。 如果您不熟悉自定義腳本擴充功能,請參閱 適用於Linux 的自定義腳本擴充功能或 適用於Windows的自定義腳本擴充功能。 在搭配混合式機器使用此擴充功能時,您應該瞭解的幾個不同特性:
Azure VM 自定義腳本擴充功能支援的作業系統清單不適用於已啟用 Azure Arc 的伺服器。 請參閱已啟用 Azure Arc 的伺服器支援的作業系統清單。
關於透過傳統部署模型建立的 Azure 虛擬機擴展集或 VM 的設定詳細數據不適用。
如果您的機器需要從外部下載腳本,而且只能透過 Proxy 伺服器通訊,您必須 設定連線的電腦代理程式 來設定 Proxy 伺服器的環境變數。
「自訂指令碼擴充功能」組態會指定指令碼位置和要執行命令等項目。 此組態是在下列範本中指定。
Linux 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"fileUris": {
"type": "array"
},
"commandToExecute": {
"type": "securestring"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/CustomScript')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"autoUpgradeMinorVersion": true,
"settings": {},
"protectedSettings": {
"commandToExecute": "[parameters('commandToExecute')]",
"fileUris": "[parameters('fileUris')]"
}
}
}
]
}
Windows 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"fileUris": {
"type": "string"
},
"arguments": {
"type": "securestring",
"defaultValue": " "
}
},
"variables": {
"UriFileNamePieces": "[split(parameters('fileUris'), '/')]",
"firstFileNameString": "[variables('UriFileNamePieces')[sub(length(variables('UriFileNamePieces')), 1)]]",
"firstFileNameBreakString": "[split(variables('firstFileNameString'), '?')]",
"firstFileName": "[variables('firstFileNameBreakString')[0]]"
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/CustomScriptExtension')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": "[split(parameters('fileUris'), ' ')]"
},
"protectedSettings": {
"commandToExecute": "[concat ('powershell -ExecutionPolicy Unrestricted -File ', variables('firstFileName'), ' ', parameters('arguments'))]"
}
}
}
]
}
參數檔案
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"basics": [
{}
],
"steps": [
{
"name": "customScriptExt",
"label": "Add Custom Script Extension",
"elements": [
{
"name": "fileUris",
"type": "Microsoft.Common.FileUpload",
"label": "Script files",
"toolTip": "The script files that will be downloaded to the virtual machine.",
"constraints": {
"required": false
},
"options": {
"multiple": true,
"uploadMode": "url"
},
"visible": true
},
{
"name": "commandToExecute",
"type": "Microsoft.Common.TextBox",
"label": "Command",
"defaultValue": "sh script.sh",
"toolTip": "The command to execute, for example: sh script.sh",
"constraints": {
"required": true
},
"visible": true
}
]
}
],
"outputs": {
"vmName": "[vmName()]",
"location": "[location()]",
"fileUris": "[steps('customScriptExt').fileUris]",
"commandToExecute": "[steps('customScriptExt').commandToExecute]"
}
}
}
部署相依性代理程式延伸模組
若要使用 Azure 監視器相依性代理程式擴充功能,請針對 Linux 和 Windows 執行下列其中一個範例。 如果您不熟悉相依性代理程式,請參閱 Azure 監視器代理程式概觀。
Linux 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of existing Linux machine."
}
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/DAExtension')]",
"apiVersion": "2022-03-10",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentLinux",
"enableAutomaticUpgrade": true
}
}
],
"outputs": {
}
}
Windows 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of existing Windows machine."
}
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/DAExtension')]",
"apiVersion": "2022-03-10",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentWindows",
"enableAutomaticUpgrade": true
}
}
],
"outputs": {
}
}
範本部署
將範本檔案儲存至磁碟。 接著,您可以使用下列命令,將擴充功能部署至連線的計算機:
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\DependencyAgent.json"
部署 Azure 金鑰保存庫 VM 擴充功能 (預覽版)
下列 JSON 顯示金鑰保存庫 VM 延伸模組的結構描述 (預覽)。 延伸模組不需要受保護的設定,因為其所有設定都會被視為公開資訊。 擴充功能需要受監視的憑證清單、輪詢頻率和目的地證書存儲。
Linux 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"autoUpgradeMinorVersion":{
"type": "bool"
},
"pollingIntervalInS":{
"type": "int"
},
"certificateStoreName":{
"type": "string"
},
"certificateStoreLocation":{
"type": "string"
},
"observedCertificates":{
"type": "string"
},
"msiEndpoint":{
"type": "string"
},
"msiClientId":{
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/KVVMExtensionForLinux')]",
"apiVersion": "2022-03-10",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForLinux",
"enableAutomaticUpgrade": true,
"settings": {
"secretsManagementSettings": {
"pollingIntervalInS": <polling interval in seconds, e.g. "3600">,
"certificateStoreName": <ignored on linux>,
"certificateStoreLocation": <disk path where certificate is stored, default: "/var/lib/waagent/Microsoft.Azure.KeyVault">,
"observedCertificates": <list of KeyVault URIs representing monitored certificates, e.g.: "https://myvault.vault.azure.net/secrets/mycertificate"
},
"authenticationSettings": {
"msiEndpoint": "http://localhost:40342/metadata/identity"
}
}
}
}
]
}
Windows 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"autoUpgradeMinorVersion":{
"type": "bool"
},
"pollingIntervalInS":{
"type": "int"
},
"certificateStoreName":{
"type": "string"
},
"linkOnRenewal":{
"type": "bool"
},
"certificateStoreLocation":{
"type": "string"
},
"requireInitialSync":{
"type": "bool"
},
"observedCertificates":{
"type": "string"
},
"msiEndpoint":{
"type": "string"
},
"msiClientId":{
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/KVVMExtensionForWindows')]",
"apiVersion": "2022-03-10",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForWindows",
"enableAutomaticUpgrade": true,
"settings": {
"secretsManagementSettings": {
"pollingIntervalInS": "3600",
"certificateStoreName": <certificate store name, e.g.: "MY">,
"linkOnRenewal": <Only Windows. This feature ensures s-channel binding when certificate renews, without necessitating a re-deployment. e.g.: false>,
"certificateStoreLocation": <certificate store location, currently it works locally only e.g.: "LocalMachine">,
"requireInitialSync": <initial synchronization of certificates e.g.: true>,
"observedCertificates": <list of KeyVault URIs representing monitored certificates, e.g.: "https://myvault.vault.azure.net"
},
"authenticationSettings": {
"msiEndpoint": "http://localhost:40342/metadata/identity"
}
}
}
}
]
}
注意
觀察到的憑證 URL 的格式應為 https://myVaultName.vault.azure.net/secrets/myCertName。 原因是 /secrets 路徑會傳回完整的憑證,包括私鑰,而 /certificates 路徑則不會傳回。 您可以在 Azure 金鑰保存庫 金鑰、秘密和憑證概觀中找到憑證的詳細資訊。
範本部署
將範本檔案儲存至磁碟。 接著,您可以使用下列命令,將擴充功能部署至連線的計算機。
注意
VM 擴充功能需要指派系統指派的身分識別,才能向 金鑰保存庫 進行驗證。 請參閱 使用適用於Linux和 Windows Azure Arc 的已啟用 Azure Arc 的伺服器,針對已啟用 Azure 資源的 Azure 資源進行驗證。
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\KeyVaultExtension.json"
相關內容
- 您可以使用 Azure PowerShell、Azure 入口網站 或 Azure CLI 來部署、管理和移除 VM 擴充功能。
- 您可以在針對 VM 擴充功能進行疑難解答的指南中找到疑難解答資訊。