azure 从快照创建VMSS

xyhw6mcr  于 2023-08-07  发布在  其他
关注(0)|答案(1)|浏览(98)

我有虚拟机的快照,是否可以从快照创建安全类型为可信启动的VMSS?
我尝试从快照创建映像并从映像部署VMSS。但是得到错误

$rgName = "existing-snapshot-rg"
$location = "EastUS"
$snapshotName = "Myexistingsnapshot"
$imageName = "myImage3"
$vnetName = "my-vnet"
$vmssNetwork = "vmss-network"
$VMSSName = "vmssnapshot"
$computerName = "computer"
$securityType = "TrustedLaunch";

$snapshot = Get-AzSnapshot -ResourceGroupName $rgName -SnapshotName $snapshotName
$imageConfig = New-AzImageConfig -Location $location -HyperVGeneration v2
$imageConfig1 = Set-AzImageOsDisk -Image $imageConfig -OsState Generalized -OsType Windows -SnapshotId $snapshot.Id
New-AzImage -ImageName $imageName -ResourceGroupName $rgName -Image $imageConfig1

#Get the custom image 
$image = Get-AzureRmImage -ResourceGroupName $rgName -ImageName $imageName

# Get the existing Vnet
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName

#IP configuration
$ipName = "ipConfig1"

#create the IP configuration
$ipConfig = New-AzureRmVmssIpConfig -Name $ipName -LoadBalancerBackendAddressPoolsId $null -SubnetId $vnet.Subnets[0].Id

#create vmss configuration
$vmss = New-AzureRmVmssConfig -Location "East US" -SkuCapacity 2 -SkuName "Standard_D2s_v3" -UpgradePolicyMode "Automatic" -ErrorAction Stop
$vmss1 = Set-AzVmssSecurityProfile -VirtualMachineScaleSet $vmss -SecurityType $securityType;

##Add the network interface configuration to the scale set configuration
Add-AzureRmVmssNetworkInterfaceConfiguration -VirtualMachineScaleSet $vmss1 -Name $vmssNetwork -Primary $true -IPConfiguration $ipConfig 

# set the stroage profile 
Set-AzureRmVmssStorageProfile -VirtualMachineScaleSet $vmss1 -OsDiskCreateOption "FromImage" -OsDiskCaching "None" -ImageReferenceId $image.Id -OsDiskOsType Windows

#set the os profile
Set-AzureRmVmssOSProfile -ComputerNamePrefix $computerName -AdminUsername "azureuser" -AdminPassword "azureuser@2018" -VirtualMachineScaleSet $vmss1

#create the vmss
New-AzVMss -ResourceGroupName $rgName -Name $VMSSName -VirtualMachineScaleSet $vmss1

字符串
错误:New-AzVmss:安全类型为TrustedLaunch的虚拟机不支持托管映像。错误代码:BadRequest错误消息:安全类型为TrustedLaunch的虚拟机不支持托管映像。错误目标:状态代码:400个理由短语:错误请求

flvlnr44

flvlnr441#

错误:New-AzVmss:安全类型为TrustedLaunch的虚拟机不支持托管映像。错误代码:BadRequest错误消息:安全类型为TrustedLaunch的虚拟机不支持托管映像。错误目标:状态代码:400个理由短语:错误请求
如果未在快照中启用受信任启动,则通常会发生此错误。检查支持的vm生成的此MsDoc。
创建了一个快照或一般化的虚拟机和磁盘,并创建快照与安全类型可信午餐如下。
x1c 0d1x的数据
如果快照中未启用可信午餐,则应使用Trusted launch VM Supported源类型。参考此MsDoc
您可以使用下面的PowerShell脚本来进行可信午餐:

$rgName = "MyResourceGroup"
$galleryName = "MyGallery"
$galleryImageDefinitionName = "MyImageDef"
$location = "eastus"
$publisherName = "TrustedlaunchPublisher"
$offerName = "TrustedlaunchOffer"
$skuName = "TrustedlaunchSku"
$description = "My gallery"
$SecurityType = @{Name='SecurityType';Value='TrustedLaunch'}
$features = @($SecurityType)
New-AzGalleryImageDefinition -ResourceGroupName $rgName -GalleryName $galleryName -Name $galleryImageDefinitionName -Location $location -Publisher $publisherName -Offer $offerName -Sku $skuName -HyperVGeneration "V2" -OsState "Generalized" -OsType "Windows" -Description $description -Feature $features

字符串
按如下所示概括受信任的启动VM和映像版本:




当快照未启用Trusted lunch时,映像定义上的安全类型应设置为TrustedLaunchsupported
您可以使用下面的PowerShell脚本来支持Trusted Launch:

$rgName = "MyResourceGroup"
$galleryName = "MyGallery"
$galleryImageDefinitionName = "MyImageDef"
$location = "eastus"
$publisherName = "TrustedlaunchPublisher"
$offerName = "TrustedlaunchOffer"
$skuName = "TrustedlaunchSku"
$description = "My gallery"
$SecurityType = @{Name='SecurityType';Value='TrustedLaunchSupported'}
$features = @($SecurityType)
New-AzGalleryImageDefinition -ResourceGroupName $rgName -GalleryName $galleryName -Name $galleryImageDefinitionName -Location $location -Publisher $publisherName -Offer $offerName -Sku $skuName -HyperVGeneration "V2" -OsState "Generalized" -OsType "Windows" -Description $description -Feature $features


现在,我可以从快照成功创建虚拟机规模集安全类型为Trusted Launch,如下所示:



x1c4d 1x的

参考:

Deploy a trusted launch VM - Azure Virtual Machines | Microsoft Learn

相关问题