How can we create an Azure VM with trusted launch enabled with Azure Java SDK?
Question
Like the title suggests, I've spent some time reading SDK documents and testing, but have had no luck so far finding a method under AzureResourceManager.virtualMachine that would allow me to explicitly set the VM to enable the trusted launch feature at creation.
It is possible to specify a SecurityProfile with the VirtualMachineInner class, but I have no clue at all how to pass the object to the create() method under AzureResourceManager.virtualMachine.
Here's a short snippet I came up with so far.

SecurityProfile securityProfile = new SecurityProfile()
    .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
    .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
    .withEncryptionAtHost(true);
VirtualMachineInner vmi = new VirtualMachineInner();
vmi.withSecurityProfile(securityProfile);

Thanks in advance.
Answer 1
Score: 0
The VirtualMachineInner class represents the internal properties of the VM and is not to be used directly for creating or managing virtual machines using the Azure Java SDK.
- Use the fluent builder pattern provided by the VirtualMachine.DefinitionStages.WithCreate interface that defines and creates the virtual machine, then configure Trusted Launch settings separately after the virtual machine is created.

import com.azure.core.management.Region;
import com.azure.resourcemanager.compute.fluent.models.VirtualMachineExtensionInner;
import com.azure.resourcemanager.compute.models.SecurityProfile;
import com.azure.resourcemanager.compute.models.SecurityTypes;
import com.azure.resourcemanager.compute.models.StorageAccountTypes;
import com.azure.resourcemanager.compute.models.UefiSettings;
import com.azure.resourcemanager.compute.models.VirtualMachine;
import com.azure.resourcemanager.compute.models.VirtualMachineSizeTypes;

// Create a SecurityProfile with Trusted Launch settings
SecurityProfile securityProfile = new SecurityProfile()
    .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
    .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
    .withEncryptionAtHost(true);

// Create the virtual machine using the Azure Java SDK
VirtualMachine virtualMachine = azureResourceManager.virtualMachines()
    .define(vmName)
    .withRegion(Region.US_EAST)
    .withExistingResourceGroup(resourceGroupName)
    .withNewPrimaryNetwork(network)
    .withPrimaryPrivateIPAddressDynamic()
    .withNewPublicIPAddress()
    .withPopularLinuxImage(knownLinuxImage)
    .withRootUsername(vmUsername)
    .withSsh(publicKey)
    .withSize(VirtualMachineSizeTypes.STANDARD_D2_V2)
    .withOSDiskStorageAccountType(StorageAccountTypes.PREMIUM_LRS)
    .create();

// Configure Trusted Launch settings separately for the virtual machine
azureResourceManager.virtualMachines()
    .manager()
    .virtualMachineExtensionImages()
    .register("Microsoft.Compute", "TrustedLaunchExtension", "1.0")
    .beginCreateOrUpdate(
        resourceGroupName,
        virtualMachine.name(),
        "TrustedLaunchExtension",
        new VirtualMachineExtensionInner()
            .withLocation(virtualMachine.regionName())
            .withPublisher("Microsoft.Compute")
            .withType("TrustedLaunchExtension")
            .withVirtualMachineExtensionType("TrustedLaunchExtension")
            .withAutoUpgradeMinorVersion(true)
            .withSettings(securityProfile)
    )
    .waitForCompletion();

I tried using the VirtualMachine.DefinitionStages.WithCreate.withTrustedLaunch() method to enable Trusted Launch, but was unable to do it.
- The withTrustedLaunch() method is not available in the Azure Java SDK for enabling Trusted Launch during the creation of a virtual machine.
There is a statement quoting that we can set the secure boot parameter by SDK after VM creation.

Here is the output:
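
Added example, not part of the original post or of the Azure SDK: a check that reads a VM's SecurityProfile and lists which of the settings from the question (Trusted Launch security type, secure boot, vTPM, encryption at host) are not in effect, so the result of a deployment can be confirmed rather than assumed. The class name TrustedLaunchCheck and the method gaps are hypothetical, and the sample profiles are constructed so the code runs offline with azure-resourcemanager-compute on the classpath.

```java
import com.azure.resourcemanager.compute.models.SecurityProfile;
import com.azure.resourcemanager.compute.models.SecurityTypes;
import com.azure.resourcemanager.compute.models.UefiSettings;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not part of the Azure SDK): lists the Trusted Launch
// settings from the question that are absent from a VM's security profile.
public class TrustedLaunchCheck {

    static List<String> gaps(SecurityProfile profile) {
        List<String> missing = new ArrayList<>();
        // A VM deployed without security settings may carry no profile at all.
        if (profile == null) {
            missing.add("securityProfile is absent");
            return missing;
        }
        if (!SecurityTypes.TRUSTED_LAUNCH.equals(profile.securityType())) {
            missing.add("securityType is " + profile.securityType());
        }
        UefiSettings uefi = profile.uefiSettings();
        // The getters return Boolean, so null (unset) must count as disabled.
        if (uefi == null || !Boolean.TRUE.equals(uefi.secureBootEnabled())) {
            missing.add("secure boot not enabled");
        }
        if (uefi == null || !Boolean.TRUE.equals(uefi.vTpmEnabled())) {
            missing.add("vTPM not enabled");
        }
        if (!Boolean.TRUE.equals(profile.encryptionAtHost())) {
            missing.add("encryption at host not enabled");
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample profiles; for a deployed VM pass
        // virtualMachine.innerModel().securityProfile() instead.
        SecurityProfile full = new SecurityProfile()
            .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
            .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
            .withEncryptionAtHost(true);
        SecurityProfile partial = new SecurityProfile()
            .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
            .withUefiSettings(new UefiSettings().withSecureBootEnabled(true));

        System.out.println("full:    " + gaps(full));
        System.out.println("partial: " + gaps(partial));
        System.out.println("none:    " + gaps(null));
    }
}
```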
