我花了一天的时间尝试从模板存储帐户部署Azure中的一些虚拟机。
我使用Set-AzureRmCurrentStorageAccount设置存储帐户,然后将变量分配给$token = New-AzureStorageContainerSASToken
我收到错误消息:
AuthenticationFailed Server无法验证请求。 确保授权标头的值正确形成,包括签名。 RequestId:3408956-0001-00ea-4cd1-2135c2000000时间:2017-08-12T21:27:54.6479108Z签名不符。 使用的字符串是2017-08-12T22:26:51Z / blob / homeworktest / blob 2016-05-31
PowerShell错误消息是
Message=Unable to download deployment content from 'https://storageaccountname.blob.core.windows.net/blob/azuredeploy.json'当我从$ token获取变量时,它会显示我随后使用URI的密钥,通过显示上述消息的浏览器访问json文件。
我正在使用的整个代码如下
Set-AzureRmContext -SubscriptionId "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx" Set-AzureRmCurrentStorageAccount -ResourceGroupName "ResGp" -Name "Storageaccount" $token2 = New-AzureStorageContainerSASToken -Name "json" -Permission r -ExpiryTime (Get-Date).AddMinutes(60.0) New-AzureRmResourceGroupDeployment -name Demo -ResourceGroupName ResGp ` -TemplateFile "https://storageaccountname.blob.core.windows.net/blob/azuredeploy.json" ` -TemplateParameterFile "https://storageaccountname.blob.core.windows.net/blob/azuredeploy.parameters.json" -verbose我看不出我做错了什么,还是我的整个做法有缺陷?
任何帮助\指导将不胜感激
提前致谢 :)
I've spent the day trying to deploy some VM's in Azure from a template storage account.
I use Set-AzureRmCurrentStorageAccount to set the storage account and then assign a variable to $token = New-AzureStorageContainerSASToken
I get the error message:
AuthenticationFailed Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:3408956-0001-00ea-4cd1-2135c2000000 Time:2017-08-12T21:27:54.6479108Z Signature did not match. String to sign used was r 2017-08-12T22:26:51Z /blob/homeworktest/blob 2016-05-31
The powershell error message is
Message=Unable to download deployment content from 'https://storageaccountname.blob.core.windows.net/blob/azuredeploy.json'When I get the variable from $token, it displays the key which i then use with the URI to access the json file via a browser which displays the message above.
The whole code I'm using is below
Set-AzureRmContext -SubscriptionId "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx" Set-AzureRmCurrentStorageAccount -ResourceGroupName "ResGp" -Name "Storageaccount" $token2 = New-AzureStorageContainerSASToken -Name "json" -Permission r -ExpiryTime (Get-Date).AddMinutes(60.0) New-AzureRmResourceGroupDeployment -name Demo -ResourceGroupName ResGp ` -TemplateFile "https://storageaccountname.blob.core.windows.net/blob/azuredeploy.json" ` -TemplateParameterFile "https://storageaccountname.blob.core.windows.net/blob/azuredeploy.parameters.json" -verboseI can't see what I'm doing wrong, or is my whole approach flawed?
Any help\guidance would be greatly appreciated
Thanks in advance :)
最满意答案
我看到有2个问题导致你的问题。
从代码中,您将为名为“ json ”的Azure存储容器生成共享访问签名(SAS)令牌,但是要为资源组部署下载的Blob位于与您生成的容器不同的容器之下SAS令牌。
您的模板参数链接和模板参数链接都没有附加容器SAS令牌,这意味着您没有访问它们的权限。
您的问题的解决方案:
更新blob链接中的容器名称 将Container SAS令牌附加到两个blob链接New-AzureRmResourceGroupDeployment -name Demo -ResourceGroupName ResGp ` -TemplateFile ("https://storageaccountname.blob.core.windows.net/json/azuredeploy.json" + $token2) ` -TemplateParameterFile ("https://storageaccountname.blob.core.windows.net/json/azuredeploy.parameters.json" + $token2) -verbose
I saw there are 2 issues which cause your problem.
From your code, you are generating a Shared Access Signature (SAS) token for an Azure storage container named "json", however the blobs which you want to download for your resource group deployment are under a different container than the container which you are generating the SAS token for.
Both your template and template parameters links does not have the container SAS token appended with, which means you don't have the permission to access them.
The solution for your problem:
Update the container name in your blob links Append the Container SAS token to both your blob linksNew-AzureRmResourceGroupDeployment -name Demo -ResourceGroupName ResGp ` -TemplateFile ("https://storageaccountname.blob.core.windows.net/json/azuredeploy.json" + $token2) ` -TemplateParameterFile ("https://storageaccountname.blob.core.windows.net/json/azuredeploy.parameters.json" + $token2) -verbose
更多推荐
发布评论