【Question title】: Applying cert to ASE ILB via ARM template fails
【Posted】: 2019-08-21 19:00:23
【Question description】:

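I am deploying an ILB ASE with an ARM template and that works fine, but I am now trying to put a self-signed certificate on the ILB ASE as part of that deployment, and it keeps failing with the error The specified network password is not correct

I am actually applying the ARM template through Terraform. I store the certificate and its password in Key Vault. I use the PowerShell line below to pull the certificate from Key Vault and then pass it into Terraform as a variable. This is the certificate in Base64-encoded format: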

$aseCertBase64 = (Get-AzureKeyVaultSecret -VaultName $kvName -Name $kvASECertName).SecretValueText

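I first tried using a Terraform data resource to get the cert password, but that deployment failed with the The specified network password is not correct error. To rule out a password issue, I put the clear-text password directly into the ARM template and re-ran the deployment. The deployment failed again with the same error, so now I am not sure what it is looking for.

I verified that the password is correct by using PowerShell to pull the certificate and password from Key Vault, converting the certificate, and then successfully importing it into my local store.

Below is the ARM template I am using: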

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "ilbase_name": {
            "type": "string",
            "metadata": {
                "description": "The name of the ILBASE"
            }
        },
        "ilbase_domain_name": {
            "type": "string",
            "metadata": {
                "description": "The private domain name inside ILBASE"
            }
        },
        "ilbase_subnet_name": {
            "type": "string",
            "metadata": {
                "description": "The name of the subnet assigned to the ILBASE"
            }
        },
        "ilbase_rglocation": {
            "defaultValue": "East US",
            "type": "string",
            "metadata": {
                "description": "The region where the ILBASE will be deployed"
            }
        },
        "vnet_name": {
            "type": "string",
            "metadata": {
                "description": "The name of the vnet the ILBASE subnet is part of"
            }
        },
        "vnet_rg": {
            "type": "string",
            "metadata": {
                "description": "The name of the resource group the ILBASE vnet is in"
            }
        },
        "vnet_id": {
            "type": "string",
            "metadata": {
                "description": "The resource id of the ILBASE vnet"
            }
        },
        "aseCert": {
            "type": "string",
            "metadata": {
                "description": "The Base64 encoded string containing the cert to be applied to the ILBASE"
            }
        },
        "aseCertPwd": {
            "defaultValue": "XNKVTzCell637BNl",
            "type": "string",
            "metadata": {
                "description": "The password for the ILBASE certificate"
            }
        },
        "aseCertName": {
            "defaultValue": "aseCert",
            "type": "string",
            "metadata": {
                "description": "The password for the ILBASE certificate"
            }
        }
    },
    "resources": [
        {
            "apiVersion": "2015-08-01",
            "type": "Microsoft.Web/certificates",
            "name": "[parameters('aseCertName')]",
            "location": "[parameters('ilbase_rglocation')]",
            "properties": {
                "pfxBlob": "[parameters('aseCert')]",
                "password": "[parameters('aseCertPwd')]",
                "hostingEnvironmentProfile": {
                    "id": "[resourceId('Microsoft.Web/hostingEnvironments',parameters('ilbase_name'))]"
                }
            },
            "dependsOn": [
                "[concat('Microsoft.Web/hostingEnvironments/',parameters('ilbase_name'))]"
            ]
        },
        {
            "apiVersion": "2018-02-01",
            "type": "Microsoft.Web/hostingEnvironments",
            "name": "[parameters('ilbase_name')]",
            "kind": "ASEV2",
            "location": "[parameters('ilbase_rglocation')]",
            "properties": {
                "name": "[parameters('ilbase_name')]",
                "location": "[parameters('ilbase_rglocation')]",
                "vnetName": "[parameters('vnet_name')]",
                "vnetResourceGroup": "[parameters('vnet_rg')]",
                "vnetSubnetName": "[parameters('ilbase_subnet_name')]",
                "virtualNetwork": {
                    "Id": "[parameters('vnet_id')]",
                    "Subnet": "[parameters('ilbase_subnet_name')]"
                },
                "dnsSuffix": "[parameters('ilbase_domain_name')]",
                "internalLoadBalancingMode": "Web, Publishing",
                "multiSize": "Medium",
                "multiRoleCount": 2,
                "ipsslAddressCount": 0,
                "networkAccessControlList": [],
                "frontEndScaleFactor": 15,
                "suspended": false
            }
        }
    ]
}

【Question discussion】:

    Tags: azure powershell azure-app-service-envrmnt terraform-provider-azure


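    【Solution 1】:

    Consider looking at passing the thumbPrint parameter for the certificate. I believe this is required, based on the default ARM template Microsoft have on GitHub here. There is some further reference on docs.microsoft.com here.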

    【Discussion】:
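
A local check for the two things this thread turns on, whether the Base64 blob opens with the password being passed and what its thumbprint is, as an added PowerShell example that is not part of the original post or the answer. `Test-PfxBlob`, the subject name and the passwords are constructed for illustration, and the PFX is generated in memory rather than read from Key Vault.

```powershell
# Added example. Test-PfxBlob is a hypothetical helper name; all data is constructed.
function Test-PfxBlob {
    param(
        [Parameter(Mandatory)][string]$PfxBase64,
        [Parameter(Mandatory)][AllowEmptyString()][string]$Password
    )
    try {
        # The ARM pfxBlob value is Base64 text; decode it to the raw PKCS#12 bytes.
        [byte[]]$bytes = [Convert]::FromBase64String($PfxBase64)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $Password)
        [pscustomobject]@{
            Opens         = $true
            Thumbprint    = $cert.Thumbprint      # the value the answer suggests supplying
            HasPrivateKey = $cert.HasPrivateKey   # a cert-only blob is not usable for TLS
            Error         = $null
        }
    } catch {
        # A bad password or malformed Base64 ends up here with the underlying message.
        [pscustomobject]@{
            Opens = $false; Thumbprint = $null; HasPrivateKey = $false
            Error = $_.Exception.Message
        }
    }
}

# Constructed input: a throwaway self-signed certificate exported as a protected PFX.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=*.ase.example.internal', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$self = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1),
                              [DateTimeOffset]::UtcNow.AddDays(30))
$pfxBytes  = $self.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx,
    'Constructed-Pwd-1')
$pfxBase64 = [Convert]::ToBase64String($pfxBytes)

# Try the password the template would pass, a wrong one, and an empty one.
# The empty case matters because a PFX exported without protection opens only with ''.
foreach ($candidate in 'Constructed-Pwd-1', 'not-the-password', '') {
    Test-PfxBlob -PfxBase64 $pfxBase64 -Password $candidate |
        Select-Object @{ n = 'Tried'; e = { "'$candidate'" } }, Opens, Thumbprint, HasPrivateKey, Error
}
```

Running the same function against the exact string and password handed to Terraform shows whether the mismatch exists before the deployment does.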
