使用 ARM 範本啟用 Azure VM 延伸模組
本文說明如何使用 Azure Resource Manager 範本 (ARM 範本) 部署已啟用 Azure Arc 的伺服器支援的 Azure VM 延伸模組。
VM 擴充功能可以新增至 Azure Resource Manager 範本,並使用範本的部署執行。 透過已啟用 Azure Arc 的伺服器支援的 VM 延伸模組,您可以使用 Azure PowerShell 在 Linux 或 Windows 機器上部署支援的 VM 延伸模組。 下列每個範例都包含範本檔案和參數檔案,且附有要提供給範本的範例值。
注意
雖然多個延伸模組可以一起批次處理並處理,但仍會依序安裝。 第一個延伸模組安裝完成之後,就會嘗試安裝下一個延伸模組。
注意
已啟用 Azure Arc 的伺服器不支援在 Azure 虛擬機器上部署和管理 VM 延伸模組。 如需 Azure VM,請參閱下列 VM 延伸模組概觀一文。
部署 Log Analytics VM 延伸模組
為了輕鬆部署 Log Analytics 代理程式,提供下列範例以在 Windows 或 Linux 上安裝代理程式。
Linux 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
"workspaceKey": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/OMSAgentForLinux')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "OmsAgentForLinux",
"enableAutomaticUpgrade": true,
"settings": {
"workspaceId": "[parameters('workspaceId')]"
},
"protectedSettings": {
"workspaceKey": "[parameters('workspaceKey')]"
}
}
}
]
}
Windows 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
"workspaceKey": {
"type": "string"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/MicrosoftMonitoringAgent')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "MicrosoftMonitoringAgent",
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": true,
"settings": {
"workspaceId": "[parameters('workspaceId')]"
},
"protectedSettings": {
"workspaceKey": "[parameters('workspaceKey')]"
}
}
}
]
}
參數檔案
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"value": "<vmName>"
},
"location": {
"value": "<region>"
},
"workspaceId": {
"value": "<MyWorkspaceID>"
},
"workspaceKey": {
"value": "<MyWorkspaceKey>"
}
}
}
將範本和參數檔案儲存至磁碟中,並使用適合部署的值來編輯參數檔案。 然後,您可以使用下列命令,在資源群組內的所有連線機器上安裝延伸模組。 此命令會使用 TemplateFile 參數來指定範本和 TemplateParameterFile 參數,以指定包含參數和參數值的檔案。
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\LogAnalyticsAgent.json" -TemplateParameterFile "D:\Azure\Templates\LogAnalyticsAgentParms.json"
部署自訂指令碼延伸模組
若要使用自訂指令碼延伸模組,我們已提供下列範例,可用於在 Windows 和 Linux 上執行。 如果您不熟悉自訂指令碼延伸模組,請參閱適用 Windows 的自訂指令碼延伸模組或適用 Linux 的自訂指令碼延伸模組。 搭配混合式機器使用此擴充功能延伸模組時,請務必了解幾個不同的特性:
支援 Azure VM 自訂指令碼延伸模組的作業系統清單,不適用於已啟用 Azure Arc 的伺服器。 您可以在這裡找到已啟用 Azure Arc 的伺服器支援的作業系統清單。
不適用關於 Azure 虛擬機器擴展集或傳統 VM 的設定詳細資料。
如果您的電腦需要從外部下載指令碼,而且只能透過 Proxy 伺服器進行通訊,您必須設定連線的電腦代理程式,來設定 Proxy 伺服器環境變數。
「自訂指令碼延伸模組」組態會指定指令碼位置和要執行的命令等項目。 此組態是在 Azure Resource Manager 範本中指定,如下所述,適用於 Linux 和 Windows 混合式機器。
Linux 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"fileUris": {
"type": "array"
},
"commandToExecute": {
"type": "securestring"
}
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/CustomScript')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.Azure.Extensions",
"type": "CustomScript",
"autoUpgradeMinorVersion": true,
"settings": {},
"protectedSettings": {
"commandToExecute": "[parameters('commandToExecute')]",
"fileUris": "[parameters('fileUris')]"
}
}
}
]
}
Windows 的範本檔案
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"fileUris": {
"type": "string"
},
"arguments": {
"type": "securestring",
"defaultValue": " "
}
},
"variables": {
"UriFileNamePieces": "[split(parameters('fileUris'), '/')]",
"firstFileNameString": "[variables('UriFileNamePieces')[sub(length(variables('UriFileNamePieces')), 1)]]",
"firstFileNameBreakString": "[split(variables('firstFileNameString'), '?')]",
"firstFileName": "[variables('firstFileNameBreakString')[0]]"
},
"resources": [
{
"name": "[concat(parameters('vmName'),'/CustomScriptExtension')]",
"type": "Microsoft.HybridCompute/machines/extensions",
"location": "[parameters('location')]",
"apiVersion": "2022-03-10",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": "[split(parameters('fileUris'), ' ')]"
},
"protectedSettings": {
"commandToExecute": "[concat ('powershell -ExecutionPolicy Unrestricted -File ', variables('firstFileName'), ' ', parameters('arguments'))]"
}
}
}
]
}
參數檔案
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"basics": [
{}
],
"steps": [
{
"name": "customScriptExt",
"label": "Add Custom Script Extension",
"elements": [
{
"name": "fileUris",
"type": "Microsoft.Common.FileUpload",
"label": "Script files",
"toolTip": "The script files that will be downloaded to the virtual machine.",
"constraints": {
"required": false
},
"options": {
"multiple": true,
"uploadMode": "url"
},
"visible": true
},
{
"name": "commandToExecute",
"type": "Microsoft.Common.TextBox",
"label": "Command",
"defaultValue": "sh script.sh",
"toolTip": "The command to execute, for example: sh script.sh",
"constraints": {
"required": true
},
"visible": true
}
]
}
],
"outputs": {
"vmName": "[vmName()]",
"location": "[location()]",
"fileUris": "[steps('customScriptExt').fileUris]",
"commandToExecute": "[steps('customScriptExt').commandToExecute]"
}
}
}
部署相依性代理程式延伸模組
若要使用 Azure 監視器相依性代理程式延伸模組,我們已提供下列範例,可用於在 Windows 和 Linux 上執行。 如果您不熟悉相依性代理程式,請參閱 Azure 監視器代理程式概觀。
Linux 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of existing Linux machine."
}
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/DAExtension')]",
"apiVersion": "2022-03-10",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentLinux",
"enableAutomaticUpgrade": true
}
}
],
"outputs": {
}
}
Windows 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"metadata": {
"description": "The name of existing Windows machine."
}
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/DAExtension')]",
"apiVersion": "2022-03-10",
"location": "[resourceGroup().location]",
"dependsOn": [
],
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentWindows",
"enableAutomaticUpgrade": true
}
}
],
"outputs": {
}
}
範本部署
將範本檔案儲存至磁碟。 接著,您可以使用下列命令,將延伸模組部署至連線的電腦。
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\DependencyAgent.json"
部署 Azure 金鑰保存庫 VM 延伸模組 (預覽)
下列 JSON 顯示金鑰保存庫 VM 延伸模組的結構描述 (預覽)。 此延伸模組不需要受保護的設定,其所有設定都會被視為公開資訊。 此延伸模組需要有受監視的憑證、輪詢頻率和目的地憑證存放區的清單。 具體而言:
Linux 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"autoUpgradeMinorVersion":{
"type": "bool"
},
"pollingIntervalInS":{
"type": "int"
},
"certificateStoreName":{
"type": "string"
},
"certificateStoreLocation":{
"type": "string"
},
"observedCertificates":{
"type": "string"
},
"msiEndpoint":{
"type": "string"
},
"msiClientId":{
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/KVVMExtensionForLinux')]",
"apiVersion": "2022-03-10",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForLinux",
"enableAutomaticUpgrade": true,
"settings": {
"secretsManagementSettings": {
"pollingIntervalInS": <polling interval in seconds, e.g. "3600">,
"certificateStoreName": <ignored on linux>,
"certificateStoreLocation": <disk path where certificate is stored, default: "/var/lib/waagent/Microsoft.Azure.KeyVault">,
"observedCertificates": <list of KeyVault URIs representing monitored certificates, e.g.: "https://myvault.vault.azure.net/secrets/mycertificate"
},
"authenticationSettings": {
"msiEndpoint": "http://localhost:40342/metadata/identity"
}
}
}
}
]
}
Windows 的範本檔案
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
},
"autoUpgradeMinorVersion":{
"type": "bool"
},
"pollingIntervalInS":{
"type": "int"
},
"certificateStoreName":{
"type": "string"
},
"linkOnRenewal":{
"type": "bool"
},
"certificateStoreLocation":{
"type": "string"
},
"requireInitialSync":{
"type": "bool"
},
"observedCertificates":{
"type": "string"
},
"msiEndpoint":{
"type": "string"
},
"msiClientId":{
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.HybridCompute/machines/extensions",
"name": "[concat(parameters('vmName'),'/KVVMExtensionForWindows')]",
"apiVersion": "2022-03-10",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForWindows",
"enableAutomaticUpgrade": true,
"settings": {
"secretsManagementSettings": {
"pollingIntervalInS": "3600",
"certificateStoreName": <certificate store name, e.g.: "MY">,
"linkOnRenewal": <Only Windows. This feature ensures s-channel binding when certificate renews, without necessitating a re-deployment. e.g.: false>,
"certificateStoreLocation": <certificate store location, currently it works locally only e.g.: "LocalMachine">,
"requireInitialSync": <initial synchronization of certificates e.g.: true>,
"observedCertificates": <list of KeyVault URIs representing monitored certificates, e.g.: "https://myvault.vault.azure.net"
},
"authenticationSettings": {
"msiEndpoint": "http://localhost:40342/metadata/identity"
}
}
}
}
]
}
注意
您觀察到的憑證 URL 格式應該是 https://myVaultName.vault.azure.net/secrets/myCertName。
這是因為 /secrets 路徑會傳回完整憑證,私密金鑰也包括在內,/certificates 路徑則不會。 您可以在這裡找到有關憑證的詳細資訊:Key Vault 憑證
範本部署
將範本檔案儲存至磁碟。 接著,您可以使用下列命令,將延伸模組部署至連線的電腦。
注意
VM 延伸模組會要求將系統指派識別指派給金鑰保存庫,以進行驗證。 請參閱如何針對已啟用 Windows 和 Linux Azure Arc 伺服器,使用受控識別來對金鑰保存庫進行驗證。
New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateFile "D:\Azure\Templates\KeyVaultExtension.json"
下一步
您可以使用 Azure PowerShell,從 Azure 入口網站或 Azure CLI 來部署、管理和移除 VM 延伸模組。
疑難排解資訊可在針對 VM 延伸模組進行疑難排解指南中找到。