How can we create an Azure VM with trusted launch enabled with Azure Java SDK?

Question

Like the title suggests, I've spent some time reading SDK documents and testing, but had no luck so far finding a method under AzureResourceManager.virtualMachine that would allow me to explicitly set the VM to enable the trusted launch feature at creation.

It is possible to specify SecurityProfile with the VirtualMachineInner class, but I have no clue at all how to pass the object to the create() method under AzureResourceManager.virtualMachine.

Here's a short snippet I came up with so far.

SecurityProfile securityProfile = new SecurityProfile()
            .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
            .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
            .withEncryptionAtHost(true);
VirtualMachineInner vmi = new VirtualMachineInner();
vmi.withSecurityProfile(securityProfile);

Thanks in advance.

Answer 1

Score: 0

The VirtualMachineInner class represents the internal properties of the VM and is not to be used directly for creating or managing virtual machines using the Azure Java SDK.

  • Use the fluent builder pattern provided by the VirtualMachine.DefinitionStages.WithCreate interface to define and create the virtual machine, then configure Trusted Launch settings separately after the virtual machine is created.

import com.azure.core.management.Region;
import com.azure.resourcemanager.compute.fluent.models.VirtualMachineExtensionInner;
import com.azure.resourcemanager.compute.models.SecurityProfile;
import com.azure.resourcemanager.compute.models.SecurityTypes;
import com.azure.resourcemanager.compute.models.StorageAccountTypes;
import com.azure.resourcemanager.compute.models.UefiSettings;
import com.azure.resourcemanager.compute.models.VirtualMachine;
import com.azure.resourcemanager.compute.models.VirtualMachineSizeTypes;

// Create a SecurityProfile with Trusted Launch settings
SecurityProfile securityProfile = new SecurityProfile()
        .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
        .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true))
        .withEncryptionAtHost(true);

// Create the virtual machine using the Azure Java SDK
VirtualMachine virtualMachine = azureResourceManager.virtualMachines()
        .define(vmName)
        .withRegion(Region.US_EAST)
        .withExistingResourceGroup(resourceGroupName)
        .withNewPrimaryNetwork(network)
        .withPrimaryPrivateIPAddressDynamic()
        .withNewPublicIPAddress()
        .withPopularLinuxImage(knownLinuxImage)
        .withRootUsername(vmUsername)
        .withSsh(publicKey)
        .withSize(VirtualMachineSizeTypes.STANDARD_D2_V2)
        .withOSDiskStorageAccountType(StorageAccountTypes.PREMIUM_LRS)
        .create();

// Configure Trusted Launch settings separately for the virtual machine
azureResourceManager.virtualMachines()
        .manager()
        .virtualMachineExtensionImages()
        .register("Microsoft.Compute", "TrustedLaunchExtension", "1.0")
        .beginCreateOrUpdate(
                resourceGroupName,
                virtualMachine.name(),
                "TrustedLaunchExtension",
                new VirtualMachineExtensionInner()
                        .withLocation(virtualMachine.regionName())
                        .withPublisher("Microsoft.Compute")
                        .withType("TrustedLaunchExtension")
                        .withVirtualMachineExtensionType("TrustedLaunchExtension")
                        .withAutoUpgradeMinorVersion(true)
                        .withSettings(securityProfile)
        )
        .waitForCompletion();

I tried using the VirtualMachine.DefinitionStages.WithCreate.withTrustedLaunch() method to enable Trusted Launch, but was unable to do it.

  • The withTrustedLaunch() method is not available in the Azure Java SDK for enabling Trusted Launch during the creation of a virtual machine.

There is a statement saying that we can set the secure boot parameter through the SDK after VM creation.

Here is the output:

  • Posted on June 29, 2023, 02:01:46
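
One way to do what the question asks, as an added example that is not part of the original post or the SDK's own samples: build the complete VirtualMachineInner, submit it through the compute service client, and check the security profile the service returns. The class name TrustedLaunchVm, the method parameters, the VM size and the Ubuntu Gen2 image are assumptions; withEncryptionAtHost(true) from the question is left out because encryption at host is a separate feature from Trusted Launch.

```java
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.compute.fluent.models.VirtualMachineInner;
import com.azure.resourcemanager.compute.models.*;
import java.util.List;

public final class TrustedLaunchVm {
    // Added example. Assumptions: nicId is an existing NIC's resource ID, and the
    // size and Gen2 image below are available for Trusted Launch in `location`.
    public static VirtualMachineInner create(AzureResourceManager arm, String rg, String location,
            String vmName, String nicId, String adminUser, String sshPublicKey) {
        SecurityProfile security = new SecurityProfile()
                .withSecurityType(SecurityTypes.TRUSTED_LAUNCH)
                .withUefiSettings(new UefiSettings().withSecureBootEnabled(true).withVTpmEnabled(true));

        VirtualMachineInner vm = new VirtualMachineInner()
                .withHardwareProfile(new HardwareProfile().withVmSize(VirtualMachineSizeTypes.STANDARD_D2S_V3))
                .withStorageProfile(new StorageProfile()
                        .withImageReference(new ImageReference() // Trusted Launch needs a Gen2 image
                                .withPublisher("Canonical").withOffer("0001-com-ubuntu-server-jammy")
                                .withSku("22_04-lts-gen2").withVersion("latest"))
                        .withOsDisk(new OSDisk().withCreateOption(DiskCreateOptionTypes.FROM_IMAGE)))
                .withOsProfile(new OSProfile().withComputerName(vmName).withAdminUsername(adminUser)
                        .withLinuxConfiguration(new LinuxConfiguration()
                                .withDisablePasswordAuthentication(true)
                                .withSsh(new SshConfiguration().withPublicKeys(List.of(new SshPublicKey()
                                        .withPath("/home/" + adminUser + "/.ssh/authorized_keys")
                                        .withKeyData(sshPublicKey))))))
                .withNetworkProfile(new NetworkProfile().withNetworkInterfaces(
                        List.of(new NetworkInterfaceReference().withId(nicId).withPrimary(true))))
                .withSecurityProfile(security);
        vm.withLocation(location);

        // The inner (service) client accepts the raw VirtualMachineInner model.
        VirtualMachineInner created = arm.virtualMachines().manager().serviceClient()
                .getVirtualMachines().createOrUpdate(rg, vmName, vm);

        // Read the profile back from the response instead of trusting the request.
        SecurityProfile sp = created.securityProfile();
        UefiSettings uefi = (sp == null) ? null : sp.uefiSettings();
        if (uefi == null || !SecurityTypes.TRUSTED_LAUNCH.equals(sp.securityType())
                || !Boolean.TRUE.equals(uefi.secureBootEnabled())
                || !Boolean.TRUE.equals(uefi.vTpmEnabled())) {
            throw new IllegalStateException("Trusted Launch is not in effect on " + vmName);
        }
        return created;
    }
}
```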