【发布时间】:2018-10-03 09:37:57
【问题描述】:
我正在尝试通过 arm 模板创建 HDInsight 集群。 我已在 Blob 存储中上传了 2 个文件,名为 template_customized.json 和 parameters.json。 对于传递密码参数,我使用了 key vault 概念。 如果我手动对密码值进行硬编码,则 arm 模板可以正常工作。 但是,如果我提供 keyvault 值,则会出现以下错误: 我正在通过 Azure 门户中的云 shell 执行 arm 模板(执行两次)
**PS Azure:\>** New-AzureRmResourceGroupDeployment -Name FirstDeployment -ResourceGroupName xxxx -TemplateUri https://xxxxxxxxxxxxx.blob.core.windows.net/test/template_customized.json -TemplateParameterUri https://xxxxxxxxxxxxx.blob.core.windows.net/test/parameters.json
New-AzureRmResourceGroupDeployment : 7:18:39 AM - Error: Code=InvalidTemplate; Message=Deployment template parse failed: 'Cannot populate JSON array onto type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Templates.Schema.TemplateInputParameter'. Path 'parameters.resources', line 66, position 18.'.
At line:1 char:1
+ New-AzureRmResourceGroupDeployment -Name FirstDeployment -ResourceGro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
New-AzureRmResourceGroupDeployment : The deployment validation failed
At line:1 char:1
+ New-AzureRmResourceGroupDeployment -Name FirstDeployment -ResourceGro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzResourceGroupDeployment], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
**PS Azure:\>** New-AzureRmResourceGroupDeployment -Name FirstDeployment -ResourceGroupName xxxx -TemplateUri https://xxxxxxxxxx.blob.core.windows.net/test/template_customized.json -TemplateParameterUri https://xxxxxxxxxxxxx.blob.core.windows.net/test/parameter
New-AzureRmResourceGroupDeployment : 7:19:02 AM - Error: Code=InvalidTemplate; Message=Deployment template parse failed: 'Cannot populate JSON array onto type 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Templates.Schema.TemplateInputParameter'. Path 'parameters.resources', line 66, position 18.'.
At line:1 char:1
+ New-AzureRmResourceGroupDeployment -Name FirstDeployment -ResourceGro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
New-AzureRmResourceGroupDeployment : The deployment validation failed
At line:1 char:1
+ New-AzureRmResourceGroupDeployment -Name FirstDeployment -ResourceGro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzResourceGroupDeployment], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
出于安全目的,我对 blob 存储名称、存储名称、资源组名称、订阅 ID、keyvault 名称进行了脱敏处理。
template_customized.json
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "0.9.0.0",
"parameters": {
"clusterName": {
"type": "string",
"defaultValue": "hdiclustr",
"metadata": {
"description": "The name of the HDInsight cluster to create."
}
},
"clusterLoginUserName": {
"type": "string",
"defaultValue": "admin",
"metadata": {
"description": "These credentials can be used to submit jobs to the cluster and to log into cluster dashboards."
}
},
"clusterLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Cluster login."
}
},
"location": {
"type": "string",
"defaultValue": "eastus2",
"metadata": {
"description": "The location where all azure resources will be deployed."
}
},
"clusterVersion": {
"type": "string",
"defaultValue": "3.6",
"metadata": {
"description": "HDInsight cluster version."
}
},
"clusterWorkerNodeCount": {
"type": "int",
"defaultValue": 4,
"metadata": {
"description": "The number of nodes in the HDInsight cluster."
}
},
"clusterKind": {
"type": "string",
"defaultValue": "HADOOP",
"metadata": {
"description": "The type of the HDInsight cluster to create."
}
},
"sshUserName": {
"type": "string",
"defaultValue": "sshuser",
"metadata": {
"description": "These credentials can be used to remotely access the cluster."
}
},
"sshPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the SSH login."
}
},
"resources": [
{
"apiVersion": "2015-03-01-preview",
"name": "[parameters('clusterName')]",
"type": "Microsoft.HDInsight/clusters",
"location": "[parameters('location')]",
"dependsOn": [
"Microsoft.Storage/storageAccounts/xxxxxx"
],
"properties": {
"clusterVersion": "[parameters('clusterVersion')]",
"osType": "Linux",
"tier": "standard",
"clusterDefinition": {
"kind": "[parameters('clusterKind')]",
"componentVersion": {
"Hadoop": "2.7"
},
"configurations": {
"gateway": {
"restAuthCredential.isEnabled": true,
"restAuthCredential.username": "[parameters('clusterLoginUserName')]",
"restAuthCredential.password": "[parameters('clusterLoginPassword')]"
}
}
},
"storageProfile": {
"storageaccounts": [
{
"name": "xxxxx.blob.core.windows.net",
"isDefault": true,
"container": "hdiclustr-2018-09-26t05-51-17-421z",
"key": "[listKeys('Microsoft.Storage/storageAccounts/xxxx', '2015-05-01-preview').key1]"
}
]
},
"computeProfile": {
"roles": [
{
"autoScale": null,
"name": "headnode",
"minInstanceCount": 1,
"targetInstanceCount": 2,
"hardwareProfile": {
"vmSize": "Standard_D12_V2"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "[parameters('sshUserName')]",
"password": "[parameters('sshPassword')]"
}
},
"virtualNetworkProfile": null,
"scriptActions": []
},
{
"autoScale": null,
"name": "workernode",
"targetInstanceCount": 4,
"hardwareProfile": {
"vmSize": "Standard_D4_V2"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "[parameters('sshUserName')]",
"password": "[parameters('sshPassword')]"
}
},
"virtualNetworkProfile": null,
"scriptActions": []
},
{
"autoScale": null,
"name": "zookeepernode",
"minInstanceCount": 1,
"targetInstanceCount": 3,
"hardwareProfile": {
"vmSize": "Small"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "[parameters('sshUserName')]",
"password": "[parameters('sshPassword')]"
}
},
"virtualNetworkProfile": null,
"scriptActions": []
}
]
}
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"name": "xxxxx",
"apiVersion": "2015-05-01-preview",
"location": "eastus2",
"properties": {
"accountType": "Standard_LRS"
}
}
]
}
}
parameters.json
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"value": "xxxxxx"
},
"clusterLoginUserName": {
"value": "admin"
},
"clusterLoginPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/xxxxxx------xxx/resourcegroups/xxxxxx/providers/Microsoft.KeyVault/vaults/xxxxxxxxx"
},
"secretName": "xxxxxxx"
}
},
"location": {
"value": "eastus2"
},
"clusterWorkerNodeCount": {
"value": 4
},
"clusterKind": {
"value": "HADOOP"
},
"clusterVersion": {
"value": "3.6"
},
"sshUserName": {
"value": "sshuser"
},
"sshPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/xxxxxxxxx----xxxxx/resourcegroups/xxxxxx/providers/Microsoft.KeyVault/vaults/xxxxxxxxxxxx"
},
"secretName": "xxxxxxxx"
}
}
}
}
请您指导我哪里出错了。
【问题讨论】:
-
在
New-AzureRmResourceGroupDeployment调用中,您应该使用-TemplateUri而不是-TemplateFile和-TemplateParameterUri而不是-TemplateParameterFile -
New-AzureRmResourceGroupDeployment -Name xxxxxxx -ResourceGroupName xxxxx -TemplateUri xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -TemplateParameterUri xxxxxxxxxxxxxxxxxxxxxxxxxxxx New-AzureRmResourceGroupDeployment:上午 5:25:09 - 错误:代码 = 无效模板;消息=部署模板解析失败:'无法将 JSON 数组填充到类型'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Templates.Schema.TemplateInputParameter'。路径“parameters.resources”,第 66 行,位置 18。感谢格雷格的评论。但仍然遇到同样的错误。
标签: azure azure-resource-manager azure-hdinsight