Taking https://techcommunity.microsoft.com/t5/azure-virtual-desktop/arm-avd-with-terraform/m-p/2639806 as inspiration, I want to deploy AVD, but with the VMs Azure AD joined using Terraform. Following the article, I have defined the VMs and extensions as well as the Azure Virtual Desktop deployment (host pool, application group, workspace) in Terraform, and I have adapted the extensions based on the ARM template Azure generates when a VM is added to a host pool and AAD joined "manually" through the portal.
Terraform applies and the extension runs successfully, but the VM is not domain joined.
When I look at the logs on the deployed VM, one of the main errors is "DsrCmdAzureHelper::GetTenantId: Failed to get tenant ID, status code 400". When fetching metadata from target hostname 169.254.169.254, URL path /metadata/identity/info?api-version=2018-02-01, I get status code 400, followed by an "Identity not found" error.
Is there anything wrong here? Below is the Terraform for the extensions; let me know if you need more.
locals {
  registration_token = azurerm_virtual_desktop_host_pool.hostpool.registration_info[0].token
}

resource "azurerm_virtual_machine_extension" "domain_join" {
  count                      = var.rdsh_count
  name                       = "${var.prefix}-${count.index + 1}-domainJoin"
  virtual_machine_id         = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
  publisher                  = "Microsoft.Azure.ActiveDirectory"
  type                       = "AADLoginForWindows"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true

  depends_on = [
    azurerm_virtual_machine_extension.vmext_dsc
  ]
}

resource "azurerm_virtual_machine_extension" "vmext_dsc" {
  count                      = var.rdsh_count
  name                       = "${var.prefix}${count.index + 1}-avd_dsc"
  virtual_machine_id         = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
  publisher                  = "Microsoft.Powershell"
  type                       = "DSC"
  type_handler_version       = "2.73"
  auto_upgrade_minor_version = true

  settings = <<-SETTINGS
    {
      "modulesUrl": "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_9-30-2021.zip",
      "configurationFunction": "Configuration.ps1\\AddSessionHost",
      "properties": {
        "HostPoolName": "${azurerm_virtual_desktop_host_pool.hostpool.name}",
        "aadJoin": true
      }
    }
  SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
    {
      "properties": {
        "registrationInfoToken": "${local.registration_token}"
      }
    }
  PROTECTED_SETTINGS

  depends_on = [
    azurerm_virtual_desktop_host_pool.hostpool
  ]
}
2 answers

Answer 1:
I tested it in my environment, and the problem was the same as below:

According to the discussion in this Microsoft Q & A Thread, the key AADJPrivate should exist under the path HKLM\Software\microsoft\RDInfraAgent; if it does not, the VM adds the extension correctly but cannot join the Azure AD domain. So as a solution I changed a few things in the code, such as:

custom_rdp_properties, changed from "audiocapturemode:i:1;audiomode:i:0;" to "audiocapturemode:i:1;audiomode:i:0;targetisaadjoined:i:1;"
auto_upgrade_minor_version = true
AADJPRIVATE

After the modification, I tried the following:
Output:

Note: According to this GitHub Issue, you must use azurerm provider version 2.90.0.

Answer 2:
Make sure a managed identity is assigned to your VM for Azure AD join to work.
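The two answers above point at settings that live outside the extension resources the question shows: the host pool's custom_rdp_properties (answer 1) and the VM's managed identity (answer 2). The following is an added example, not code from the question or from either answer, showing both in place. It assumes the variables var.prefix, var.rdsh_count, var.admin_username, var.admin_password and var.registration_expiration, the resources azurerm_resource_group.rg and azurerm_network_interface.avd_nic, and the Windows 10 multi-session image reference; none of these are on the page. The question's two extension resources are meant to stay as posted alongside it.

```hcl
# Added example combining the fixes from the two answers; every name below that
# is not in the question (var.*, azurerm_resource_group.rg,
# azurerm_network_interface.avd_nic, the image reference) is an assumption.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.90.0" # the version answer 1 says the linked GitHub issue requires
    }
  }
}

resource "azurerm_virtual_desktop_host_pool" "hostpool" {
  name                = "${var.prefix}-hostpool"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  type                = "Pooled"
  load_balancer_type  = "BreadthFirst"

  # Answer 1: targetisaadjoined:i:1 tells clients the session hosts are
  # Azure AD joined; without it the host registers but sessions do not connect.
  custom_rdp_properties = "audiocapturemode:i:1;audiomode:i:0;targetisaadjoined:i:1;"

  # Supplies registration_info[0].token used by the locals in the question.
  registration_info {
    expiration_date = var.registration_expiration # RFC 3339 timestamp, assumed variable
  }
}

resource "azurerm_windows_virtual_machine" "avd_vm" {
  count                 = var.rdsh_count
  name                  = "${var.prefix}-${count.index + 1}"
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  size                  = "Standard_D2s_v3"
  admin_username        = var.admin_username
  admin_password        = var.admin_password
  network_interface_ids = [azurerm_network_interface.avd_nic[count.index].id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Assumed multi-session image; substitute the one your host pool uses.
  source_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "Windows-10"
    sku       = "win10-21h2-avd"
    version   = "latest"
  }

  # Answer 2: the AADLoginForWindows extension asks IMDS
  # (169.254.169.254 /metadata/identity/info) for the tenant. With no managed
  # identity on the VM that call returns 400 "Identity not found", which is the
  # GetTenantId error in the question's log.
  identity {
    type = "SystemAssigned"
  }
}
```

With the identity block present, the domain_join extension from the question can resolve the tenant and the AAD join completes; answer 1's check still applies afterwards, i.e. the AADJPrivate value should then be present under HKLM\Software\microsoft\RDInfraAgent on the session host.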