Manage and deploy resources to Azure Stack Hub with Azure CLI

Applies to: Azure Stack Hub integrated systems

Follow the steps in this article to set up the Azure Command-Line Interface (CLI) to manage Azure Stack Hub resources from Linux, Mac, and Windows client platforms.

Prepare for Azure CLI

The virtual machine aliases endpoint provides an alias, like "UbuntuLTS" or "Win2012Datacenter." This alias references an image publisher, offer, SKU, and version as a single parameter when deploying VMs.

The following section describes how to set up the virtual machine aliases endpoint.

Set up the virtual machine aliases endpoint

You can set up a publicly accessible endpoint that hosts a VM alias file. The VM alias file is a JSON file that provides a common name for an image. You use the name when you deploy a VM as an Azure CLI parameter.

  1. If you publish a custom image, make note of the publisher, offer, SKU, and version information that you specified during publishing. If it's an image from the Marketplace, you can view the information by using the Get-AzureVMImage cmdlet.

  2. Download the sample file from GitHub.

  3. Create a storage account in Azure Stack Hub. When that's done, create a blob container. Set the access policy to "public."

  4. Upload the JSON file to the new container. When that's done, you can view the URL of the blob. Select the blob name and then select the URL from the blob properties.

Install or upgrade CLI

Sign in to your development workstation and install CLI. Azure Stack Hub requires version 2.0 or later of Azure CLI. The latest version of the API Profiles requires a current version of the CLI. You install the CLI by using the steps described in the Install the Azure CLI article.

To verify whether the installation was successful, open a terminal or command prompt window and run the following command:

az --version

You should see the version of Azure CLI and other dependent libraries that are installed on your computer.

Azure CLI on Azure Stack Hub

Windows/Linux (Azure AD)

This section walks you through setting up CLI if you're using Azure AD as your identity management service, and are using CLI on a Windows/Linux machine.

Connect to Azure Stack Hub

  1. Register your Azure Stack Hub environment by running the az cloud register command.

  2. Register your environment. Use the following parameters when running az cloud register:

    Value | Example | Description
    Environment name | AzureStackUser | Use AzureStackUser for the user environment. If you're an operator, specify AzureStackAdmin.
    Resource Manager endpoint | https://management.local.azurestack.external | The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
    Storage endpoint | local.azurestack.external | For an integrated system, use an endpoint for your system.
    Keyvault suffix | .vault.local.azurestack.external | For an integrated system, use an endpoint for your system.
    VM image alias doc endpoint | https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json | URI of the document, which contains VM image aliases. For more info, see Set up the VM aliases endpoint.

    az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
    
  3. Set the active environment by using the following commands.

    az cloud set -n <environmentname>

  4. Update your environment configuration to use the Azure Stack Hub specific API version profile. To update the configuration, run the following command:

    az cloud update --profile 2019-03-01-hybrid

  5. Sign in to your Azure Stack Hub environment by using the az login command. Sign in to the Azure Stack Hub environment either as a user or as a service principal.

    • Sign in as a user:

      You can either specify the username and password directly within the az login command, or authenticate by using a browser. You must do the latter if your account has multi-factor authentication enabled:

      az login -u <Active directory global administrator or user account. For example: username@<aadtenant>.onmicrosoft.com> --tenant <Azure Active Directory Tenant name. For example: myazurestack.onmicrosoft.com>
      

      Note

      If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter. Running this command gives you a URL and a code that you must use to authenticate.

    • Sign in as a service principal:

      Before you sign in, create a service principal through the Azure portal or CLI and assign it a role. Now, sign in by using the following command:

      az login --tenant <Azure Active Directory Tenant name. For example: myazurestack.onmicrosoft.com> --service-principal -u <Application Id of the Service Principal> -p <Key generated for the Service Principal>
      

Test the connectivity

With everything set up, use CLI to create resources within Azure Stack Hub. For example, you can create a resource group for an app and add a VM. Use the following command to create a resource group named "MyResourceGroup":

az group create -n MyResourceGroup -l local

If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:

[Image: resource group create output]

Windows/Linux (AD FS)

This section walks you through setting up CLI if you're using Active Directory Federated Services (AD FS) as your identity management service, and are using CLI on a Windows/Linux machine.

Connect to Azure Stack Hub

  1. Register your Azure Stack Hub environment by running the az cloud register command.

  2. Register your environment. Use the following parameters when running az cloud register:

    Value | Example | Description
    Environment name | AzureStackUser | Use AzureStackUser for the user environment. If you're an operator, specify AzureStackAdmin.
    Resource Manager endpoint | https://management.local.azurestack.external | The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
    Storage endpoint | local.azurestack.external | For an integrated system, use an endpoint for your system.
    Keyvault suffix | .vault.local.azurestack.external | For an integrated system, use an endpoint for your system.
    VM image alias doc endpoint | https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json | URI of the document, which contains VM image aliases. For more info, see Set up the VM aliases endpoint.

    az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
    
  3. Set the active environment by using the following commands.

    az cloud set -n <environmentname>

  4. Update your environment configuration to use the Azure Stack Hub specific API version profile. To update the configuration, run the following command:

    az cloud update --profile 2019-03-01-hybrid

  5. Sign in to your Azure Stack Hub environment by using the az login command. You can sign in to the Azure Stack Hub environment either as a user or as a service principal.

    • Sign in as a user:

      You can either specify the username and password directly within the az login command, or authenticate by using a browser. You must do the latter if your account has multi-factor authentication enabled:

      az cloud register  -n <environmentname>   --endpoint-resource-manager "https://management.local.azurestack.external"  --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>   --profile "2019-03-01-hybrid"
      

      Note

      If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter. Running this command gives you a URL and a code that you must use to authenticate.

    • Sign in as a service principal:

      Prepare the .pem file to be used for service principal login.

      On the client machine where the principal was created, export the service principal certificate as a pfx with the private key located at cert:\CurrentUser\My. The cert name has the same name as the principal.

      Convert the pfx to pem (use the OpenSSL utility).

      Sign in to the CLI:

      az login --service-principal \
      -u <Client ID from the Service Principal details> \
      -p <Certificate's fully qualified name, such as, C:\certs\spn.pem> \
      --tenant <Tenant ID> \
      --debug
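
For the .pem preparation step above, one way to run the OpenSSL conversion and confirm that the resulting file holds both the private key and its matching certificate. This is an added example, not part of the original article; the file names, the PFX_PASS variable and the throwaway self-signed certificate are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: PFX -> PEM conversion for service principal login.
# Assumed names: spn.pfx, spn.pem, PFX_PASS (none come from the article).

# Convert the exported PFX into a PEM holding the unencrypted key and the cert.
pfx_to_pem() {
    pfx=$1; pem=$2
    # umask 077: the output contains a bare private key, so owner-only access.
    # -passin env: keeps the PFX password out of the process list and history.
    ( umask 077
      openssl pkcs12 -in "$pfx" -out "$pem" -nodes -passin env:PFX_PASS )
}

# Succeed only if the PEM has a usable private key AND the certificate for it.
pem_is_usable() {
    pem=$1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || return 1
    # An encrypted key fails here (empty passphrase) instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    # Same public key on both sides means key and certificate belong together.
    [ "$key_pub" = "$cert_pub" ]
}

# Build a throwaway key, certificate and PFX (constructed sample data).
make_sample_pfx() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-spn" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/spn.pfx" -passout env:PFX_PASS
}

export PFX_PASS='constructed-password'   # sample value, not a real secret
work=$(mktemp -d)
make_sample_pfx "$work" && pfx_to_pem "$work/spn.pfx" "$work/spn.pem" &&
    pem_is_usable "$work/spn.pem" &&
    echo "spn.pem holds a matching private key and certificate"
```

The converted file contains an unencrypted private key, so keep it readable only by the account that runs az login and delete it when it is no longer needed.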
      

Test the connectivity

With everything set up, use CLI to create resources within Azure Stack Hub. For example, you can create a resource group for an app and add a VM. Use the following command to create a resource group named "MyResourceGroup":

az group create -n MyResourceGroup -l local

If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:

[Image: resource group create output]

Known issues

There are known issues when using CLI in Azure Stack Hub:

  • The CLI interactive mode, for example the az interactive command, isn't yet supported in Azure Stack Hub.
  • To get the list of VM images available in Azure Stack Hub, use the az vm image list --all command instead of the az vm image list command. Specifying the --all option ensures that the response returns only the images that are available in your Azure Stack Hub environment.
  • VM image aliases that are available in Azure may not be applicable to Azure Stack Hub. When using VM images, you must use the entire URN parameter (Canonical:UbuntuServer:14.04.3-LTS:1.0.0) instead of the image alias. This URN must match the image specifications as derived from the az vm image list command.

Next steps