azure - 如何使用 Azure 映像生成器通过 Log Analytics 虚拟机扩展自定义映像

Question

我按照此文档使用 PowerShell 创建了一个带有 Azure Image Builder 的 Windows VM。

param (
  [Parameter(Mandatory = $true)]
  [string]
  $imageResourceGroup,
  [Parameter(Mandatory = $true)]
  [string]
  $location,
  [Parameter(Mandatory = $true)]
  [string]
  $imageTemplateName,
  [Parameter(Mandatory = $true)]
  [string]
  $runOutputName,
  [Parameter(Mandatory = $true)]
  [string]
  $myGalleryName,
  [Parameter(Mandatory = $true)]
  [string]
  $imageDefName
)

## Register features
Get-AzResourceProvider -ProviderNamespace Microsoft.Compute, Microsoft.KeyVault, Microsoft.Storage, Microsoft.VirtualMachineImages, Microsoft.Network |
Where-Object RegistrationState -ne Registered |
Register-AzResourceProvider

## Install modules
#Install-Module -Name Az.ManagedServiceIdentity -RequiredVersion 0.7.2 -Force
#Install-Module -Name Az.ImageBuilder -Force

## Your Azure Subscription ID
$subscriptionID = (Get-AzContext).Subscription.Id
Write-Output $subscriptionID

## Create a resource group
New-AzResourceGroup -Name $imageResourceGroup -Location $location

## Create user identity and set role permissions
[int]$timeInt = $(Get-Date -UFormat '%s')
$imageRoleDefName = "Azure Image Builder Image Def $timeInt"
$identityName = "myIdentity$timeInt"

## Create a user identity.
New-AzUserAssignedIdentity -ResourceGroupName $imageResourceGroup -Name $identityName

## Store the identity resource and principal IDs in variables.
$identityNameResourceId = (Get-AzUserAssignedIdentity -ResourceGroupName $imageResourceGroup -Name $identityName).Id
$identityNamePrincipalId = (Get-AzUserAssignedIdentity -ResourceGroupName $imageResourceGroup -Name $identityName).PrincipalId

## Assign permissions for identity to distribute images
$myRoleImageCreationUrl = 'https://raw.githubusercontent.com/azure/azvmimagebuilder/master/solutions/12_Creating_AIB_Security_Roles/aibRoleImageCreation.json'
$myRoleImageCreationPath = "$env:TEMP\myRoleImageCreation.json"

Invoke-WebRequest -Uri $myRoleImageCreationUrl -OutFile $myRoleImageCreationPath -UseBasicParsing

$Content = Get-Content -Path $myRoleImageCreationPath -Raw
$Content = $Content -replace '<subscriptionID>', $subscriptionID
$Content = $Content -replace '<rgName>', $imageResourceGroup
$Content = $Content -replace 'Azure Image Builder Service Image Creation Role', $imageRoleDefName
$Content | Out-File -FilePath $myRoleImageCreationPath -Force

## Create the role definition.
New-AzRoleDefinition -InputFile $myRoleImageCreationPath

## Grant the role definition to the image builder service principal.
$RoleAssignParams = @{
  ObjectId           = $identityNamePrincipalId
  RoleDefinitionName = $imageRoleDefName
  Scope              = "/subscriptions/$subscriptionID/resourceGroups/$imageResourceGroup"
}
New-AzRoleAssignment @RoleAssignParams

## Create an Azure Compute Gallery
## Create the gallery.
#$myGalleryName = 'myImageGallery'
#$imageDefName = 'winSvrImages'

New-AzGallery -GalleryName $myGalleryName -ResourceGroupName $imageResourceGroup -Location $location

## Create a gallery definition.
$GalleryParams = @{
  GalleryName       = $myGalleryName
  ResourceGroupName = $imageResourceGroup
  Location          = $location
  Name              = $imageDefName
  OsState           = 'generalized'
  OsType            = 'Windows'
  Publisher         = 'myCo'
  Offer             = 'Windows'
  Sku               = 'Win2019'
}
New-AzGalleryImageDefinition @GalleryParams

## Create an image
## Create an Azure image builder source object.
$SrcObjParams = @{
  SourceTypePlatformImage = $true
  Publisher               = 'MicrosoftWindowsServer'
  Offer                   = 'WindowsServer'
  Sku                     = '2019-Datacenter'
  Version                 = 'latest'
}
$srcPlatform = New-AzImageBuilderSourceObject @SrcObjParams

## Create an Azure image builder distributor object.
$disObjParams = @{
  SharedImageDistributor = $true
  ArtifactTag            = @{tag = 'dis-share' }
  GalleryImageId         = "/subscriptions/$subscriptionID/resourceGroups/$imageResourceGroup/providers/Microsoft.Compute/galleries/$myGalleryName/images/$imageDefName"
  ReplicationRegion      = $location
  RunOutputName          = $runOutputName
  ExcludeFromLatest      = $false
}
$disSharedImg = New-AzImageBuilderDistributorObject @disObjParams

## Create an Azure image builder customization object.
$ImgCustomParams01 = @{
  PowerShellCustomizer = $true
  CustomizerName       = 'settingUpMgmtAgtPath'
  RunElevated          = $false
  Inline               = @("mkdir c:\\buildActions", "mkdir c:\\buildArtifacts", "echo Azure-Image-Builder-Was-Here  > c:\\buildActions\\buildActionsOutput.txt")
}
$Customizer01 = New-AzImageBuilderCustomizerObject @ImgCustomParams01

## Create a second Azure image builder customization object.
$ImgCustomParams02 = @{
  FileCustomizer = $true
  CustomizerName = 'downloadBuildArtifacts'
  Destination    = 'c:\\buildArtifacts\\index.html'
  SourceUri      = 'https://raw.githubusercontent.com/azure/azvmimagebuilder/master/quickquickstarts/exampleArtifacts/buildArtifacts/index.html'
}
$Customizer02 = New-AzImageBuilderCustomizerObject @ImgCustomParams02

## Create an Azure image builder template.
$ImgTemplateParams = @{
  ImageTemplateName      = $imageTemplateName
  ResourceGroupName      = $imageResourceGroup
  Source                 = $srcPlatform
  Distribute             = $disSharedImg
  Customize              = $Customizer01, $Customizer02
  Location               = $location
  UserAssignedIdentityId = $identityNameResourceId
}
New-AzImageBuilderTemplate @ImgTemplateParams

## To determine if the template creation process was successful, you can use the following example.
Get-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageResourceGroup |
Select-Object -Property Name, LastRunStatusRunState, LastRunStatusMessage, ProvisioningState

## Start the image build
## Submit the image configuration to the VM image builder service.
Start-AzImageBuilderTemplate -ResourceGroupName $imageResourceGroup -Name $imageTemplateName

## Create a VM
## Store login credentials for the VM in a variable. The password must be complex.
$Cred = Get-Credential

## Create the VM using the image you created.
$ArtifactId = (Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageResourceGroup).ArtifactId

New-AzVM -ResourceGroupName $imageResourceGroup -Image $ArtifactId -Name myWinVM01 -Credential $Cred

## Verify the customizations
Get-Content -Path C:\buildActions\buildActionsOutput.txt

Get-ChildItem c:\buildArtifacts\

## Delete the image builder template
#Remove-AzImageBuilderTemplate -ResourceGroupName $imageResourceGroup -Name $imageTemplateName

## Delete the image resource group
#Remove-AzResourceGroup -Name $imageResourceGroup

我想将适用于 Windows 的 Log Analytics 虚拟机扩展添加到自定义映像。