使用 Docker 运行适用于 Azure Stack Hub 的 PowerShellUse Docker to run PowerShell for Azure Stack Hub

在本文中,你可使用 Docker 创建容器,在其中运行使用各种接口所需的 PowerShell 版本。In this article, you can use Docker to create a container on which to run the version of PowerShell that's required for working with the various interfaces. 你可以找到使用 AzureRM 模块和最新 Az 模块的说明。You can find instructions for using both AzureRM modules and the latest Az modules. AzureRM 要求使用基于 Windows 的容器。AzureRM requires a Windows-based container. Az 使用基于 Linux 的容器。Az uses a Linux-based container.

Docker 先决条件Docker prerequisites

安装 DockerInstall Docker

  1. 安装 DockerInstall Docker.

  2. 在命令行程序(例如 PowerShell 或 Bash)中输入以下内容:In a command-line program, such as PowerShell or Bash, enter:

    docker --version
    

使用 PowerShell 设置服务主体Set up a service principal for using PowerShell

若要使用 PowerShell 访问 Azure Stack Hub 中的资源,需要在 Azure Active Directory (Azure AD) 租户中有一个服务主体。To use PowerShell to access resources in Azure Stack Hub, you need a service principal in your Azure Active Directory (Azure AD) tenant. 通过基于角色的访问控制 (RBAC) 来委派权限。You delegate permissions with user role-based access control (RBAC). 可能需要向云运营商请求服务主体。You may need to request the service principal from your cloud operator.

  1. 若要设置服务主体,请按通过创建服务主体向应用程序授予对 Azure Stack Hub 资源的访问权限中的说明操作。To set up your service principal, follow the instructions in Give applications access to Azure Stack Hub resources by creating service principals.

  2. 记下应用程序 ID、机密、租户 ID 和对象 ID 供以后使用。Note the application ID, the secret, your tenant ID, and object ID for later use.

在 Docker 中运行 PowerShellRun PowerShell in Docker

在这些说明中,你将运行基于 Linux 的容器映像,该映像包含 PowerShell 和 Azure Stack Hub 所需的模块。In these instructions, you will run a Linux-based container image that contains the PowerShell and the required modules for Azure Stack Hub.

  1. 需要使用 Linux 容器运行 Docker。You need to run Docker by using Linux container. 运行 Docker 时,请切换到 Linux 容器。When you run Docker, switch to Linux containers.

  2. 从已加入 Azure Stack Hub 所在的域的计算机运行 Docker。Run Docker from a machine that's joined to the same domain as Azure Stack Hub. 如果使用 Azure Stack 开发工具包 (ASDK),需在远程计算机上安装 VPNIf you are using the Azure Stack Development Kit (ASDK), you need to install the VPN on your remote machine.

在 Linux 容器上安装 Azure Stack Hub Az 模块Install Azure Stack Hub Az module on a Linux container

  1. 在命令行中运行以下 Docker 命令,以在 Ubuntu 容器中运行 PowerShell:From your command line, run the following Docker command to run PowerShell in an Ubuntu container:

    docker run -it mcr.microsoft.com/azurestack/powershell
    

    可运行 Ubuntu、Debian 或 Centos。You can run Ubuntu, Debian, or Centos. 可在 GitHub 存储库 azurestack-powershell 中找到以下 Docker 文件。You can find the following Docker files in the GitHub repository, azurestack-powershell. 有关 Docker 文件的最新更改,请参阅 GitHub 存储库。Refer to the GitHub repository for the latest changes to the Docker files. 每个 OS 均已标记。Each OS is tagged. 将冒号之后部分的标记替换为所需 OS 的标记。Replace the tag, the section after the colon, with the tag for the desired OS.

    LinuxLinux Docker 映像Docker image
    UbuntuUbuntu docker run -it mcr.microsoft.com/azurestack/powershell:ubuntu-18.04
    DebianDebian docker run -it mcr.microsoft.com/azurestack/powershell:debian-9
    CentOSCentos docker run -it mcr.microsoft.com/azurestack/powershell:centos-7
  2. 可以将此 shell 用于 cmdlet 了。The shell is ready for your cmdlets. 通过登录并运行 Test-AzureStack.ps1 来测试 shell 连接性。Test your shell connectivity by signing in and then running Test-AzureStack.ps1.

    首先创建服务主体凭据。First, create your service principal credentials. 你将需要“机密”和“应用程序 ID” 。You will need the secret and application ID. 在运行 Test-AzureStack.ps1 检查容器时,还需要“对象 ID”。You will also need the object ID when running the Test-AzureStack.ps1 to check your container. 可能需要向云运营商请求服务主体。You may need to request a service principal from your cloud operator.

    键入以下 cmdlet 来创建服务主体对象:Type the following cmdlets to create a service principle object:

    $passwd = ConvertTo-SecureString <Secret> -AsPlainText -Force
    $pscredential = New-Object System.Management.Automation.PSCredential('<ApplicationID>', $passwd)
    
  3. 通过从 Azure Stack Hub 实例运行具有以下值的以下脚本来连接到你的环境。Connect to your environment by running the following script with the following values from your Azure Stack Hub instance.

    Value 描述Description
    环境的名称。The name of the environment. Azure Stack Hub 环境的名称。The name of your Azure Stack Hub environment.
    资源管理器终结点Resource Manager Endpoint 资源管理器的 URL。The URL for the Resource Manager. 如果你不知道,请联系你的云运营商。Contact your cloud operator if you don't know it. 该 URL 应类似于 https://management.region.domain.comIt will look something like https://management.region.domain.com.
    目录租户 IDDirectory Tenant ID Azure Stack Hub 租户目录的 ID。The ID of your Azure Stack Hub tenant directory.
    凭据Credential 包含服务主体的对象。An object containing your service principal. 在本例中为 $pscredentialIn this case $pscredential.
    ./Login-Environment.ps1 -Name <String> -ResourceManagerEndpoint <resource manager endpoint> -DirectoryTenantId <String> -Credential $pscredential
    

    PowerShell 返回帐户对象。PowerShell returns your account object.

  4. 通过在容器中运行 Test-AzureStack.ps1 脚本来测试环境。Test your environment by running the Test-AzureStack.ps1 script in the container. 指定服务主体“对象 ID”。Specify the service principal object ID. 如果未指明对象 ID,脚本仍将运行,但它只是测试租户(用户)模块,无法测试需要管理员权限的模块。If you do not indicate the object ID, the script will still run but it will just test tenant (user) modules and fail on modules that require administrator privileges.

    ./Test-AzureStack.ps1 <Object ID>
    

后续步骤Next steps