Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Dieser Artikel enthält Beispiele für Azure Policy-Definitionen, die Ziele und Funktionen für einen bestimmten Ressourcentyp erstellen. Sie können Azure Chaos Studio automatisch Ressourcen hinzufügen. Als erstes stellen Sie diese Muster als benutzerdefinierte Richtliniendefinitionen bereit. Dann ordnen Sie die Richtlinie einem Bereich zu.
In diesen Beispielen fügen wir für jeden unterstützten Ressourcentyp direkte Dienstziele und -funktionen hinzu, die wir mit Hilfe von Zielen und Funktionen erstellen.
Hinweis
Jede dieser Richtlinien unterscheidet sich geringfügig, und Sie sollten zusätzlich zu diesen nachstehenden Beispieldefinitionen die Dokumentation der verwendeten Ressource (z. B. Compute, Storage usw.) zu Rate ziehen, um sicherzustellen, dass Sie alles ordnungsgemäß für Ihr spezifisches Szenario festlegen
Hinweis
Stellen Sie sicher, dass das Abonnement, das Sie für die automatisierte Azure-Richtlinienbereitstellung verwenden, über die richtigen RBAC-Berechtigungen verfügt.
Richtliniendefinition für Azure Cache for Redis
{
"displayName": "Deploy Chaos Target and Capability for Azure Cache for Redis",
"policyType": "Custom",
"mode": "Indexed",
"metadata": {
"category": "Chaos Studio"
},
"description": "Deploys the target and capabilities for an Azure Cache for Redis instance for onboarding to Azure Chaos Studio."
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Cache/Redis"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-AzureCacheForRedis",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Cache/Redis/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Cache/Redis/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis/Reboot-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Cache/Redis', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureCacheForRedis')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Richtliniendefinition für Azure Cosmos DB
{
"displayName": "Deploy Chaos Target and Capability for Cosmos DB",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a Cosmos DB for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.DocumentDB/databaseAccounts"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-CosmosDB",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB/Failover-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-CosmosDB')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Richtliniendefinition für Azure Kubernetes Service
{
"displayName": "Deploy Chaos Target and Capabilities for Azure Kubernetes Service",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for an AKS cluster for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.ContainerService/managedClusters"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-AzureKubernetesServiceChaosMesh",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/NetworkChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/PodChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/StressChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/IOChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/TimeChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/KernelChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/DNSChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/HTTPChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Definition von Richtlinien für Azure-Netzwerksicherheitsgruppen
{
"displayName": "Deploy Chaos Target and Capability for Network Security Groups",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a network security group for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-NetworkSecurityGroup",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Network/networkSecurityGroups/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup/SecurityRule-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Network/networkSecurityGroups', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-NetworkSecurityGroup')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Richtliniendefinition für Azure Virtual Machines
{
"displayName": "Deploy Chaos Target and Capability for Virtual Machines (service-direct)",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a virtual machine for onboarding to Azure Chaos Studio (service-direct faults).",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-VirtualMachine",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachines/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine/Shutdown-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Compute/virtualMachines', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachine')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Richtliniendefinition für Azure Virtual Machine Scale Sets
{
"displayName": "Deploy Chaos Target and Capability for Virtual Machine Scale Sets (service-direct)",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for virtual machine scale sets for onboarding to Azure Chaos Studio (service-direct faults).",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachineScaleSets"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-VirtualMachineScaleSet",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet/Shutdown-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachineScaleSet')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Behandeln von Problemen im Zusammenhang mit Azure Policy/RBAC
Weitere Informationen finden Sie unter Problembehandlung mit Azure Policy.