ARM 模板 DSC：配置未“看到”protectedSettings.configurationArguments答案

【问题标题】：ARM Template DSC: configuration does not 'see' protectedSettings.configurationArgumentsARM 模板 DSC：配置未“看到”protectedSettings.configurationArguments
【发布时间】：2017-06-13 10:52:02
【问题描述】：

我需要保护一个 DSC 配置参数（[pscredential]RegistrationKey），所以我把它放在“settings.protectedSettings.configurationData”下面：

"protectedSettings": {
                "configurationArguments": {
                  "RegistrationKey": {
                    "UserName": "PLACEHOLDER_DONOTUSE",
                    "Password": "[parameters('dscAutomationRegistrationKey')]"
                  }
                },
                "configurationUrlSasToken": "[parameters('artifactsLocationSasToken')]"
              }

我得到错误：

"VM has reported a failure when processing extension 'Microsoft.Powershell.DSC'. Error message: \"The DSC Extension failed to execute: Mandatory 
parameter RegistrationKey is missing.

如果我将 RegistrationKey 从“settings.protectedSettings.configurationArguments”移到“settings.configurationArguments”中，它会起作用，因此，我认为语法没有问题，所以我相信这与 PsDscAllowPlainTextPassword = $true 有关'不包含在 DSC 配置中。

（我试图将配置块包含在 PS1 文件中，但这引发了错误，提示无法完成）

我现在已经编写了一个配置数据 .psd1 文件，其中包含以下内容：

$ConfigData = @{
   AllNodes = @(
      @{
        NodeName = "*"
        PsDscAllowPlainTextPassword = $true 
       }
   )
}

并在settings.configurationdata.url 中引用它。

现在这会导致与以前相同的错误：VM 报告了故障...

从 PowerShell 调用 ARM 模板：

$oAutomationAccount = Get-AzureRmAutomationAccount -ResourceGroupName $AAresourceGroupName -Name $AutomationAccountName
$RegistrationInfo = $oAutomationAccount | Get-AzureRmAutomationRegistrationInfo

$DscRegKeyString = $RegistrationInfo.PrimaryKey
$ssDscAutomationRegistrationKey = (ConvertTo-SecureString -string $DscRegKeyString -AsPlainText -Force)

#Automation Account EndPoint Uri
$DscRegistrationUrl = $RegistrationInfo.Endpoint
$params = @{
    artifactsLocationSasToken = $TemplateSas
    vmName = "XYZ"
    dscAutomationRegistrationKey = $ssDscAutomationRegistrationKey
    dscAutomationRegistrationUrl = $DscRegistrationUrl
    dscNodeConfigurationName = "CreateAFolder.localhost"
    dscTimeStamp = (Get-Date -f "MM/dd/yyyy H:mm:ss tt") #"MM/dd/yyyy H:mm:ss tt"
    dscResourceUrl = $DscResourceUrl
    dscConfigurationUrl = $DscConfigurationUrl
    dscResourceScript = $DscResourceScriptName
    dscResourceFunction = "ConfigureLCMforAAPull"
    #sequenceId = $sequenceId
}

New-AzureRmResourceGroupDeployment @params `
                                  -Name "$TemplateInstance-$branch" `
                                  -ResourceGroupName $DeploymentResourceGroup.ResourceGroupName `
                                  -Mode Incremental `
                                  -DeploymentDebugLogLevel All `
                                  -TemplateUri $TemplateUri `
                                  -Verbose

我认为参数是作为正确类型传递的。

我做错了什么？

参考模板：https://github.com/Azure/azure-quickstart-templates/blob/master/dsc-extension-azure-automation-pullserver/azuredeploy.json

更新为使用更新的 DSC 架构：https://blogs.msdn.microsoft.com/powershell/2016/02/26/arm-dsc-extension-settings/

【问题讨论】：

标签： json powershell azure dsc

【解决方案1】：

这是我用于节点载入的模板：

{
    "name": "xxx",
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "location": "[parameters('location')]",
    "apiVersion": "2015-06-15",
    "dependsOn": [
        "xxx"
    ],
    "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "2.22",
        "autoUpgradeMinorVersion": false,
        "protectedSettings": {
            "Items": {
                "registrationKeyPrivate": "[parameters('registrationData')]"
            }
        },
        "settings": {
            "ModulesUrl": "https://github.com/Azure/azure-quickstart-templates/raw/master/dsc-extension-azure-automation-pullserver/UpdateLCMforAAPull.zip",
            "SasToken": "",
            "ConfigurationFunction": "UpdateLCMforAAPull.ps1\\ConfigureLCMforAAPull",
            "Properties": [
                {
                    "Name": "RegistrationKey",
                    "Value": {
                        "UserName": "PLACEHOLDER_DONOTUSE",
                        "Password": "PrivateSettingsRef:registrationKeyPrivate"
                    },
                    "TypeName": "System.Management.Automation.PSCredential"
                },
                {
                    "Name": "RegistrationUrl",
                    "Value": "xxx",
                    "TypeName": "System.String"
                },
                {
                    "Name": "NodeConfigurationName",
                    "Value": "xxx",
                    "TypeName": "System.String"
                },
                {
                    "Name": "ConfigurationMode",
                    "Value": "ApplyAndMonitor",
                    "TypeName": "System.String"
                },
                {
                    "Name": "ConfigurationModeFrequencyMins",
                    "Value": 15,
                    "TypeName": "System.Int32"
                },
                {
                    "Name": "RefreshFrequencyMins",
                    "Value": 30,
                    "TypeName": "System.Int32"
                },
                {
                    "Name": "RebootNodeIfNeeded",
                    "Value": true,
                    "TypeName": "System.Boolean"
                },
                {
                    "Name": "ActionAfterReboot",
                    "Value": "ContinueConfiguration",
                    "TypeName": "System.String"
                },
                {
                    "Name": "AllowModuleOverwrite",
                    "Value": true,
                    "TypeName": "System.Boolean"
                },
                {
                    "Name": "Timestamp",
                    "Value": "MM/dd/yyyy H:mm:ss tt",
                    "TypeName": "System.String"
                }
            ]
        }
    }
}

我知道它使用的是旧格式，但它确实有效，嗯。

【讨论】：