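I am currently trying to deploy the Linux diagnostic extension (LAD) via an ARM template. According to the documentation, the extension needs a SAS token and a storage account with table capacity to work. I deploy the storage account before calling a method similar to this one to create the SAS token and deploying the extension with that token.
This works fine when the extension is installed. However, if I look at it in the portal, an error is shown. It tells me that container and object permissions are required, which I did not have before, but I have now modified the SasToken parameters to include them in the deployment.
I tried looking up the main keywords from the message, but I couldn't figure it out.
Here is the error (it is long):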
    Problem(s) detected in generated mdsd configuration. Can't enable, although this install/enable operation is reported as successful so the VM can complete successful startup. Linux Diagnostic Extension will exit.
    Config validation message: 2020-11-25T17:07:57.9564180Z: Not all GCS env vars are defined. Missing 6: MONITORING_GCS_ENVIRONMENT MONITORING_GCS_ACCOUNT MONITORING_GCS_REGION MONITORING_GCS_CERT_CERTFILE MONITORING_GCS_CERT_KEYFILE MONITORING_GCS_STORAGE_RESOURCE_TAG_TYPE. GCS won't be used.
    Parse reported these messages:
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(3) Error: Given SAS token is not valid. Reason: Account SAS must enable container and object access (srt='co' or better)
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(18) Fatal: AddMonikerEventInfo() failed: default credential not found
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(25) Error: No default credential defined
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(31) Fatal: AddMonikerEventInfo() failed: default credential not found
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(45) Fatal: AddMonikerEventInfo() failed: default credential not found
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(60) Fatal: AddMonikerEventInfo() failed: default credential not found
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(71) Fatal: AddMonikerEventInfo() failed: default credential not found
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(84) Fatal: AddMonikerEventInfo() failed: default credential not found
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(97) Error: No default credential defined
    /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.131/xmlCfg.xml(97) Error: Child element not defined
Here is my template without the ladCfg, because it is very long:
    {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "vmName": {
                "type": "string",
                "metadata": {
                    "description": "The VM Name."
                }
            },
            "location": {
                "type": "string",
                "metadata": {
                    "description": "The location."
                }
            },
            "storageAccountName": {
                "type": "string",
                "metadata": {
                    "description": "Storage Account Name."
                }
            },
            "storageAccountEndpoint": {
                "type": "string",
                "metadata": {
                    "description": "Storage Account Endpoint."
                },
                "defaultValue": "https://core.windows.net"
            },
            "accountSasProperties": {
                "type": "object",
                "defaultValue": {
                    "signedServices": "btq",
                    "signedPermission": "rwlacup",
                    "signedExpiry": "2030-01-01T00:00:01Z",
                    "signedResourceTypes": "sco",
                    "keyToSign": "key1"
                }
            }
        },
        "variables": {
            "perfSink": "[concat(parameters('vmName'),'-perfSink')]",
            "sysLogSink": "[concat(parameters('vmName'),'-sysLogSink')]"
        },
        "resources": [
            {
                "type": "Microsoft.Compute/virtualMachines/extensions",
                "name": "[concat(parameters('vmName'), '/LinuxDiagnostic')]",
                "apiVersion": "2019-07-01",
                "location": "[parameters('location')]",
                "properties": {
                    "publisher": "Microsoft.Azure.Diagnostics",
                    "type": "LinuxDiagnostic",
                    "typeHandlerVersion": "3.0",
                    "autoUpgradeMinorVersion": true,
                    "settings": {
                        "sinksConfig": {
                            "sink": [
                                {
                                    "name": "[variables('perfSink')]",
                                    "type": "JsonBlob"
                                },
                                {
                                    "name": "[variables('syslogSink')]",
                                    "type": "JsonBlob"
                                }
                            ]
                        },
                        "StorageAccount": "[parameters('storageAccountName')]",
                        "ladCfg": { ... }
                    },
                    "protectedSettings": {
                        "storageAccountName": "[parameters('storageAccountName')]",
                        "storageAccountEndPoint": "[parameters('storageAccountEndpoint')]",
                        "storageAccountSasToken": "[listAccountSas(resourceId('Microsoft.Storage/storageAccounts',parameters('storageAccountName')), '2018-02-01', parameters('accountSasProperties')).accountSasToken]"
                    }
                }
            }
        ],
        "outputs": {
        }
    }
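I sincerely appreciate any help provided.
My suggestion is summarized below.
When we install the Linux diagnostic extension to monitor metrics and logs and store the data in Azure Storage, we should provide an account SAS token for the Blob and Table services (ss='bt'), applicable to containers and objects (srt='co'), that grants add, create, list, update and write permissions (sp='acluw'). In addition, regarding how to create an account SAS token in an Azure ARM template, we can use the ARM resource function listAccountSas.
For example: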
    "parameters": {
        "accountSasProperties": {
            "type": "object",
            "defaultValue": {
                "signedServices": "bt",
                "signedResourceTypes": "co",
                "signedPermission": "acluw",
                "signedExpiry": "9001-01-30T16:00:00Z"
            }
        }
    },
    ...
    "sasToken": "[listAccountSas(parameters('storagename'), '2018-02-01', parameters('accountSasProperties')).accountSasToken]"
For more details, please refer to
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-resource?tabs=json#list-example
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/diagnostics-linux?toc=/azure/azure-monitor/toc.json#protected-settings
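A pre-deployment check for the three SAS fields the answer lists (ss, srt, sp), as an added example that is not part of the original question or answer. It parses an account SAS query string, reports which required letters are missing and which grants go beyond what LAD needs, and flags long lifetimes; the function name, the sample tokens and the 365-day limit are assumptions made for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Requirements quoted in the answer above: ss='bt', srt='co', sp='acluw'.
REQUIRED = {"ss": set("bt"), "srt": set("co"), "sp": set("acluw")}
MAX_LIFETIME_DAYS = 365  # assumed local policy, not a LAD requirement

# Constructed sample tokens (signatures are placeholders, not real values).
BROAD_TOKEN = ("sv=2018-02-01&ss=btq&srt=sco&sp=rwlacup"
               "&se=2030-01-01T00:00:01Z&sig=CONSTRUCTED")
SERVICE_ONLY_TOKEN = ("sv=2018-02-01&ss=bt&srt=s&sp=acluw"
                      "&se=2021-01-01T00:00:00Z&sig=CONSTRUCTED")


def check_lad_sas(token, now=None):
    """Return (missing, excess, warnings) for an account SAS query string."""
    now = now or datetime.now(timezone.utc)
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    missing, excess, warnings = {}, {}, []
    for key, need in REQUIRED.items():
        have = set(fields.get(key, ""))
        if need - have:   # letters LAD needs but the token lacks
            missing[key] = "".join(sorted(need - have))
        if have - need:   # grants beyond what LAD needs
            excess[key] = "".join(sorted(have - need))
    expiry = fields.get("se")
    if expiry is None:
        warnings.append("no expiry (se) field")
    else:
        end = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            warnings.append("token already expired")
        elif (end - now).days > MAX_LIFETIME_DAYS:
            warnings.append(f"lifetime exceeds {MAX_LIFETIME_DAYS} days")
    if "sig" not in fields:
        warnings.append("no signature (sig) field")
    return missing, excess, warnings


if __name__ == "__main__":
    for name, tok in (("broad", BROAD_TOKEN), ("service-only", SERVICE_ONLY_TOKEN)):
        print(name, check_lad_sas(tok))
```

A non-empty `missing` result for `srt` corresponds to the "srt='co' or better" validation error in the question; `excess` and `warnings` are informational and do not stop the extension from working.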