Попытка развернуть шлюз приложений в Azure с шаблоном ARM, но он не может ссылаться на слушателя при создании - PullRequest
0 голосов
/ 16 ноября 2018

Я последовал этому скрипту быстрого запуска с нужными мне изменениями

https://github.com/Azure/azure-quickstart-templates/blob/master/201-application-gateway-2vms-iis-ssl/azuredeploy.json

Но я получаю ошибку

11:43:49 PM - Resource Microsoft.Network/applicationGateways 'testAppGw' failed with message '{

  "error": {

    "code": "InvalidResourceReference",

    "message": "Resource Microsoft.Network/applicationGateways/testAppGw/frontendIPConfigurations/appPiP referenced by resource /subscriptions/0443e/resourceGroups/RG/providers/Microsoft.Network/applicationGateways/testAppGw/httpListeners/listener was not found. Please make sure that the referenced resource exists, and that both resources are in the same region."

Мой код:

       {
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "applicationGatewayName": {
      "type": "string",
      "defaultValue": "testappgw",
      "metadata": {
        "description": "Application Gateway Name"
      }
    },
    "location": {
      "type": "string",
      "metadata": {
        "description": "Application Gateway Location"
      }
    },
    "applicationGatewaySize": {
      "type": "string",
      "allowedValues": [
        "WAF_Medium",
        "WAF_Large"
      ],
      "defaultValue": "WAF_Medium",
      "metadata": {
        "description": "Application Gateway size, using WAF"
      }
    },
    "wafMode": {
      "type": "string",
      "allowedValues": [
        "Detection",
        "Prevention"
      ],
      "defaultValue": "Detection",
      "metadata": {
        "description": "WAF Mode"
      }
    },
    "wafRuleSetVersion": {
      "type": "string",
      "allowedValues": [
        "3.0",
        "2.2.9"
      ],
      "metadata": {
        "description": "Version of the WAF OWASP rule set type."
      }
    },
    "appGwPublicIpName": {
      "type": "string",
      "defaultValue": "testappgw",
      "metadata": {
        "description": "Application Gateway Public IP Name"
      }
    }, 
    "createNewVirtualNetwork": {
      "type": "bool",
      "metadata": {
        "description": "Use an existing virtual network or create a new one "
      }
    },
    "virtualNetworkName": {
      "type": "string",
      "metadata": {
        "description": "Name of the virtual network the Application Gateway is located in"
      }
    },
    "virtualNetworkAddressPrefix": {
      "type": "string",
      "metadata": {
        "description": "Prefix of the virtual network"
      }
    },
    "appGWSubnetName": {
      "type": "string",
      "defaultValue": "testappgw",
      "metadata": {
        "description": "Application Gateway Subnet name"
      }
    },
    "appGatewaySubnetPrefix": {
      "type": "string",
      "metadata": {
        "description": "Prefix of the subnet that the application gateway is located in"
      }
    },
    "appGWNsgName": {
      "type": "string",
      "metadata": {
        "description": "Name of the network security group for the app gateway subnet"
      }
    },
    "applicationGatewayInstanceCount": {
      "type": "int",
      "allowedValues": [
        1,
        2,
        3,
        4,
        5,
        6,
        7,
        8,
        9,
        10
      ],
      "defaultValue": 1,
      "metadata": {
        "description": "application gateway instance count"
      }
    },
    "httpListenerName": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Name for http listener"
      }
    },
    "httpListenerHostName": {
      "type": "string",
      "metadata": {
        "description": "Host name for HTTP Listener"
      }
    },
    "httpListenerServerNameIndication": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "True or False to require server name indication"
      }
    },
    "frontEndPortName": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Name of the application gateway front end port"
      }
    },
    "frontEndPort": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Front end port"
      }
    },
    "frontEndProtocol": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Http or Https"
      }
    },
    "backendAddressPoolName": {
        "type": "string",
        "minLength": 1,
        "metadata": {
          "description": "Name for the backend pool"
        }
      },
    "backendIPAddresses": {
      "type": "array",  
      "metadata": {  
        "description": "backend pool ip addresses"
      }  
    },
    "backEndPort": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "backend port"
      }
    },
    "backEndProtocol": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Http or Https"
      }
    },
    "cookieBasedAffinity": {
      "type": "string",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Value to use cookie based affinity. Acceptable values are Disabled, Enabled"
      }
    },
    "SSLCertificateName": {
      "type": "string",
      "metadata": {
        "description": "Name for the SSLcert"
      }
    },
    "frontendCertData": {
      "type": "string",
      "metadata": {
        "description": "Base-64 encoded form of the .pfx file. This is the cert terminating on the Application Gateway."
      }
    },
    "frontendCertPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Password for .pfx certificate"
      }
    },
    "routingRulesName": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Name of routing rules request"
      }
    },
    "routingRulesType": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Routing rule type. Acceptable values are Basic and PathBasedRouting"
      }
    }
  },
  "variables": {
    "appGatewaySubnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('appGWsubnetName'))]",
    "appGwPublicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('appGwPublicIpName'))]",
    "applicationGatewayID": "[resourceId('Microsoft.Network/applicationGateways',parameters('applicationGatewayName'))]"
  },
  "resources": [
    {
      "apiVersion": "2017-03-01",
      "type": "Microsoft.Network/publicIPAddresses",
      "name": "[parameters('appGwPublicIpName')]",
      "location": "[parameters('location')]",
      "tags": {
        "displayName": "[parameters('appGwPublicIpName')]"
      },
      "properties": {
        "publicIPAllocationMethod": "Dynamic"
      }
    },
    {
      "apiVersion": "2016-03-30",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[parameters('appGwNsgName')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "Allow80",
            "properties": {
              "description": "Allow 80 from Internet",
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "80",
              "sourceAddressPrefix": "Internet",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 100,
              "direction": "Inbound"
            }
          },
          {
            "name": "Allow443",
            "properties": {
              "description": "Allow 443 from Internet",
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "443",
              "sourceAddressPrefix": "Internet",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 102,
              "direction": "Inbound"
            }
          },
          {
            "name": "AllowAppGwProbes",
            "properties": {
              "description": "Allow ports for App Gw probes",
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "65503-65534 ",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 103,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2016-03-30",
      "type": "Microsoft.Network/virtualNetworks",
      "condition": "[parameters('createNewVirtualNetwork')]",
      "name": "[parameters('virtualNetworkName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('virtualNetworkAddressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('appGWSubnetName')]",
            "properties": {
              "addressPrefix": "[parameters('appGatewaySubnetPrefix')]",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('appGwNsgName'))]"
              }
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2017-06-01",
      "name": "[parameters('applicationGatewayName')]",
      "type": "Microsoft.Network/applicationGateways",
      "location": "[parameters('location')]",
      "tags": {
        "displayName": "ApplicationGateway"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses/', parameters('appGwPublicIpName'))]"
      ],
      "properties": {
        "sku": {
          "name": "[parameters('applicationGatewaySize')]",
          "tier": "WAF",
          "capacity": "[parameters('applicationGatewayInstanceCount')]"
        },

        "sslCertificates": [
          {
            "name": "[parameters('SSLCertificateName')]",
            "properties": {
              "data": "[parameters('frontendCertData')]",
              "password": "[parameters('frontendCertPassword')]"
            }
          }

        ],
        "gatewayIPConfigurations": [
          {
            "name": "appGatewayIpConfig",
            "properties": {
              "subnet": {
                "id": "[variables('appGatewaySubnetRef')]"
              }
            }
          }
        ],
        "frontendIPConfigurations": [
          {
            "name": "appGatewayFrontendIP",
            "properties": {
              "PublicIPAddress": {
                "id": "[variables('appGwPublicIPRef')]"
              }
            }
          }
        ],
        "frontendPorts": [
          {
            "name": "appGatewayFrontendPort",
            "properties": {
              "Port": "[parameters('frontendPort')]"
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "[parameters('backendAddressPoolName')]",
            "properties": {
              "BackendAddresses": "[parameters('backendIPAddresses')]"     
            }
          }
        ],
        "backendHttpSettingsCollection": [
          {
            "name": "appGatewayBackendHttpSettings",
            "properties": {
              "Port": "[parameters('backendPort')]",
              "Protocol": "[parameters('backendProtocol')]",
              "CookieBasedAffinity": "[parameters('CookieBasedAffinity')]"
            }
          }
        ],
        "httpListeners": [
          {
            "name": "[parameters('httpListenerName')]",
            "properties": {
              "FrontendIPConfiguration": {
                "Id": "[concat(variables('applicationGatewayID'), '/frontendIPConfigurations/',parameters('appGwPublicIpName'))]"
              },
              "FrontendPort": {
                "Id": "[concat(variables('applicationGatewayID'), '/frontendPorts/', parameters('frontEndPortName'))]"
              },
              "Protocol": "[parameters('frontendProtocol')]",
              "SslCertificate": {
                "Id": "[concat(variables('applicationGatewayID'), '/sslCertificates/', parameters('SSLCertificateName'))]"
              },
              "HostName": "[parameters('httpListenerHostName')]",
              "RequireServerNameIndication": "[parameters('httpListenerServerNameIndication')]"
            }
          }
        ],
        "requestRoutingRules": [
          {
            "Name": "[parameters('routingRulesName')]",
            "properties": {
              "RuleType": "[parameters('routingRulesType')]",
              "httpListener": {
                "id": "[concat(variables('applicationGatewayID'), '/httpListeners/', parameters('httpListenerName'))]"
              },
              "backendAddressPool": {
                "id": "[concat(variables('applicationGatewayID'), '/backendAddressPools/', parameters('backendAddressPoolName'))]"
              },
              "backendHttpSettings": {
                "id": "[concat(variables('applicationGatewayID'), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
              }
            }
          }
        ],
        "webApplicationFirewallConfiguration": {
          "enabled": true,
          "firewallMode": "[parameters('wafMode')]",
          "ruleSetType": "OWASP",
          "ruleSetVersion": "[parameters('wafRuleSetVersion')]",
          "disabledRuleGroups": []
        }
      }
    }
  ],
  "outputs": {}
}

Я запускаю его так:

  New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroupName `
                                       -Name $deploymentName `
                                       -Mode Incremental `
                                       -TemplateUri ($templateUri + $templateToken) `
                                       -location $location `
                                       -applicationGatewayName $applicationGatewayName `
                                       -applicationGatewaySize $applicationGatewaySize `
                                       -wafMode $wafMode `
                                       -wafRuleSetVersion $wafRuleSetVersion `
                                      -appGwPublicIpName $appGwPublicIpName `
                                       -createNewVirtualNetwork $createNewVirtualNetwork `
                                       -virtualNetworkName $virtualNetworkName `
                                       -virtualNetworkAddressPrefix $virtualNetworkAddressPrefix `
                                       -appGWSubnetName $appGWSubnetName `
                                       -appGatewaySubnetPrefix $appGatewaySubnetPrefix `
                                       -appGWNsgName $appGWNsgName `
                                       -applicationGatewayInstanceCount $applicationGatewayInstanceCount `
                                       -httpListenerName $httpListenerName `
                                       -httpListenerHostName $httpListenerHostName `
                                       -httpListenerServerNameIndication $httpListenerServerNameIndication `
                                       -frontEndPort $frontEndPort `
                                       -frontEndProtocol $frontEndProtocol `
                                       -backendAddressPoolName $backendAddressPoolName `
                                       -backendIPAddresses $backendIPAddresses `
                                       -backEndPort $backEndPort `
                                       -backEndProtocol $backEndProtocol `
                                       -cookieBasedAffinity $cookieBasedAffinity `
                                       -SSLCertificateName $SSLCertificateName `
                                       -frontendCertData $frontendCertData `
                                       -frontendCertPassword $frontendCertSecuredPassword `
                                       -routingRulesName $routingRulesName `
                                       -routingRulesType $routingRulesType `
                                       | Out-Null

edit: я изменил способ привязки идентификатора для порта внешнего интерфейса для настроек прослушивателя и обновил код пула внутренних адресов.

1 Ответ

0 голосов
/ 25 ноября 2018

Мой идентификатор использовал параметр для моей конфигурации IP внешнего интерфейса, но мое определение было жестко закодировано.

    "frontendIPConfigurations": [
      {
        "name": "appGatewayFrontendIP",
        "properties": {
          "PublicIPAddress": {
            "id": "[variables('appGwPublicIPRef')]"
          }
        }
      }
    ],

    "httpListeners": [
      {
        "name": "[parameters('httpListenerName')]",
        "properties": {
          "FrontendIPConfiguration": {
            "Id": "[concat(variables('applicationGatewayID'), '/frontendIPConfigurations/',parameters('appGwPublicIpName'))]"
          },
...