我试图在Azure中编写一堆资源的脚本,作为其中的一部分,我需要一个Web应用程序,以便能够通过vNet与VM上运行的服务进行通信.
我已经创建了一个模板,它似乎做了创建连接所需的一切,但由于某种原因没有建立连接.查看门户网站显示该站点已连接到vNet并且证书已同步,但vNet网关上的点对站配置未显示活动连接.
但是,如果我从vNet断开Web应用程序的连接,然后使用Azure门户中的设置按钮重新连接到同一个vNet,则一切正常.
我的模板中肯定会有一些东西丢失,但过去几个小时看起来我无法解决问题
这是我的ARM模板
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion": "1.0.0.0","parameters": {
},"variables": {
},"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups","name": "[variables('nsgName')]","apiVersion": "2016-03-30","location": "[parameters('location')]","properties": {
"securityRules": []
},"resources": [ ],"dependsOn": [ ]
},{
"type": "Microsoft.Network/networkSecurityGroups","name": "[variables('infrastructureNsgName')]",{
"type": "Microsoft.Network/virtualNetworks","name": "[variables('vnetName')]","properties": {
"addressSpace": {
"addressPrefixes": [
"10.1.0.0/16"
]
},"subnets": [
{
"name": "default","properties": {
"addressPrefix": "10.1.0.0/17","networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups',variables('nsgName'))]"
}
}
},{
"name": "infrastructure","properties": {
"addressPrefix": "10.1.254.0/24",variables('infrastructureNsgName'))]"
}
}
},{
"name": "GatewaySubnet","properties": {
"addressPrefix": "10.1.128.0/24"
}
}
]
},"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups',variables('nsgName'))]","[resourceId('Microsoft.Network/networkSecurityGroups',variables('infrastructureNsgName'))]"
]
},{
"type": "Microsoft.Web/sites","kind": "api","name": "[variables('gatewaySiteName')]","apiVersion": "2015-08-01","properties": {
"name": "[variables('gatewaySiteName')]","hostNames": [
"[concat(variables('gatewaySiteName'),'.azurewebsites.net')]"
],"enabledHostNames": [
"[concat(variables('gatewaySiteName'),'.azurewebsites.net')]","[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]"
],"hostNameSslStates": [
{
"name": "[concat(variables('gatewaySiteName'),"sslState": 0,"thumbprint": null,"ipBasedSslState": 0
},{
"name": "[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]","ipBasedSslState": 0
}
],"serverFarmId": "[resourceId('Microsoft.Web/serverfarms',variables('gatewayServerFarmName'))]"
},"resources": [],"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms',variables('gatewayServerFarmName'))]","[concat('Microsoft.Network/virtualNetworks/',variables('vnetName'))]"
]
},{
"type": "Microsoft.Web/serverfarms","sku": {
"name": "S1","tier": "Standard","size": "S1","family": "S","capacity": 1
},"kind": "","name": "[variables('gatewayServerFarmName')]","properties": {
"name": "[variables('gatewayServerFarmName')]","numberOfWorkers": 1
},{
"name": "[variables('vnetGatewayIpName')]","type": "Microsoft.Network/publicIPAddresses","apiVersion": "2015-06-15","properties": {
"publicIPAllocationMethod": "Dynamic"
}
},{
"name": "[variables('vnetGatewayName')]","type": "Microsoft.Network/virtualNetworkGateways","dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/',variables('vnetGatewayIpName'))]",variables('vnetName'))]"
],"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic","subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('vnetName'),'GatewaySubnet')]"
},"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('vnetGatewayIpName'))]"
}
},"name": "vnetGatewayConfig"
}
],"gatewayType": "Vpn","vpnType": "RouteBased","enableBgp": false,"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"172.16.201.0/24"
]
},"vpnClientRootCertificates": [
{
"name": "AppServiceCertificate.cer","properties": {
"PublicCertData": "[reference(concat('Microsoft.Web/sites/',variables('gatewaySiteName'),'/virtualNetworkConnections/virtualNetworkConnections')).certBlob]"
}
}
]
}
}
},{
"name": "[variables('gatewayVnetConnectionName')]","type": "Microsoft.Web/sites/virtualNetworkConnections","dependsOn": [
"[concat('Microsoft.Web/sites/',variables('gatewaySiteName'))]","properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks',variables('vnetName'))]"
}
}
]
}
解决方法
我只能通过ARM模板来完成这项工作.
但是,如果您可以在创建后再花费一个PowerShell命令,那么它可以很好地工作:
但是,如果您可以在创建后再花费一个PowerShell命令,那么它可以很好地工作:
# Set VNET Integration for Web App
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe"
$WebApp = "LearningMomentsInProduction"
$PropertiesObject = @{
vnetName = "JimAreYouSureThisIsTheStagingVNET";
}
Set-AzureRmResource -PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroup `
-ResourceType Microsoft.Web/sites/config `
-ResourceName $WebApp/web `
-ApiVersion 2015-08-01 -Force -Verbose |
Select -expand Properties |
Select VnetName
# Expected output:
#
# VnetName
# --------
# JimAreYouSureThisIsTheStagingVNET
#
# At this point your Web App is hooked up to the VNET
编辑:
这不符合我的想法.
要重新同步Point-to-site证书:
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe"
# VNET Name or Gateway name,try with gateway name!
$vnetName = "JimAreYouSureThisIsTheStagingVNET";
$PropertiesObject = @{
resyncrequired = "true"
}
Set-AzureRmResource -PropertyObject $PropertiesObject -ResourceGroupName $ResourceGroup `
-ResourceType Microsoft.Web/sites/virtualNetworkConnections `
-ResourceName $VnetName
-ApiVersion 2015-08-01 `
-Force -Verbose
