在准备Linux VM部署的SSL证书时,为什么"az vm机密格式"命令失败? [英] Why does 'az vm secret format' command fail when prepping SSL cert of Linux VM deployment?
问题描述
我正在尝试按照提供的说明准备SSL证书,以部署到Azure上托管的Linux VM:
I am trying to prepare an SSL certificate for deployment to Linux VM hosted on Azure following the instructions provided at:
第一行:
$secret=$(az keyvault secret list-versions --vault-name myVaultName --name myCertName --query "[?attributes.enabled].id" --output tsv)
执行正常,并且$ secret包含期望值.但是,当我执行第二行时:
executes fine, and $secret contains the expected value. However when I execute the second line:
$vm_secret=$(az vm secret format --secret "$secret")
我得到一个错误:
unable to find vault 'myVaultName' in current subscription.
我仔细检查了命令格式和参数,没有发现任何错误.怎么回事?
I have double-checked the command format and parameters and can find nothing wrong. What going on?
推荐答案
这很奇怪. CLI命令以前可以正常运行,但现在需要添加具有密钥库名称的参数--keyvault和具有资源组名称的-g,如下所示:
That's a strange thing. The CLI command works fine before, but now it needs to add the parameter --keyvault with the key vault name and -g with resource group name like this:
$vm_secret=$(az vm secret format --secret "$secret" -g groupName --keyvault keyvaultName)
或只需将参数--keyvault与密钥库ID添加在一起:
Or just add the parameter --keyvault with the key vault Id:
$vm_secret=$(az vm secret format --secret "$secret" --keyvault keyvault_resourceId)
因此它可以正常工作而不会出现错误.
So that it can work fine without giving the error.
注意:如果使用几个月前创建的旧密钥库,则给出错误的CLI命令在我的测试中也可以使用.所以有点奇怪.而且我发现属性默认值有些不同.
Note: if you use the old key vault created serial months ago, the CLI command that giving the error would also work in my test. So it's a little strange. And I find there is something different with the properties default value.
我认为最好在Linux环境中运行CLI命令,Windows和Linux中的CLI rin有所不同,有可能导致错误. Linux中的脚本将如下所示:
I think it's better to run CLI command in a Linux environment, there is something different that CLI rin in Windows and Linux, it's possible to cause the error. And the script in Linux will like below:
az keyvault certificate create --vault-name keyvault_name --name cert_name --policy "$(az keyvault certificate get-default-policy)"
secret=$(az keyvault secret list-versions --vault-name keyvault_name --name cert_name --query "[?attributes.enabled].id" --output tsv)
vm_secret=$(az vm secret format --secrets "$secret" --resource-group group_name --keyvault keyvault_name)
az vm update -g charles -n azureUbuntu18 --set osProfile.secrets="$vm_secret"
这篇关于在准备Linux VM部署的SSL证书时,为什么"az vm机密格式"命令失败?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
