您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

配置复杂解决方案时设计 Azure Resource Manager 模板的模式Design patterns for Azure Resource Manager templates when deploying complex solutions

使用基于 Azure Resource Manager 模板的灵活方法,可以快速、一致地部署复杂的拓扑。Using a flexible approach based on Azure Resource Manager templates, you can deploy complex topologies quickly and consistently. 随着核心产品的发展,用户可以轻松地调整这些部署或适应外来方案或客户的变化。You can adapt these deployments easily as core offerings evolve or to accommodate variants for outlier scenarios or customers.

本主题是包含更多内容的白皮书的一部分。This topic is part of a larger whitepaper. 若要阅读完整的白皮书,请下载 World Class Azure Resource Manager Templates Considerations and Proven Practices(一流的 Azure Resource Manager 模板注意事项和成熟的做法)。To read the full paper, download World Class Azure Resource Manager Templates Considerations and Proven Practices.

模板结合了底层 Azure Resource Manager 的优点,以及 JavaScript 对象表示法 (JSON) 的自适应性和易读性。Templates combine the benefits of the underlying Azure Resource Manager with the adaptability and readability of JavaScript Object Notation (JSON). 使用模板可以:Using templates, you can:

  • 以一致的方式部署拓扑及其工作负荷。Deploy topologies and their workloads consistently.
  • 使用资源组统一管理应用程序中的所有资源。Manage all your resources in an application together using resource groups.
  • 应用基于角色的访问控制 (RBAC),以授予用户、组和服务适当的访问权限。Apply role-based access control (RBAC) to grant appropriate access to users, groups, and services.
  • 使用标记关联来简化任务,例如累积计费。Use tagging associations to streamline tasks such as billing rollups.

本文提供有关在设计会话以及真实世界中与 Azure 客户咨询团队 (AzureCAT) 客户进行模板实施过程中所确定的使用方案、体系结构和实施模式的详细信息。This article provides details on consumption scenarios, architecture, and implementation patterns identified during our design sessions and real-world template implementations with Azure Customer Advisory Team (AzureCAT) customers. 姑且不论学术理论是什么,这些方法已经实践实证,建立在针对 12 个基于 Linux 的顶级 OSS 技术开发的模板基础之上,这些技术包括:Apache Kafka、Apache Spark、Cloudera、Couchbase、Hortonworks HDP、Apache Cassandra 提供的 DataStax Enterprise、Elasticsearch、Jenkins、MongoDB、PostgreSQL、Redis 和 Nagios。Far from academic, these approaches are proven practices informed by the development of templates for 12 of the top Linux-based OSS technologies, including: Apache Kafka, Apache Spark, Cloudera, Couchbase, Hortonworks HDP, DataStax Enterprise powered by Apache Cassandra, Elasticsearch, Jenkins, MongoDB, PostgreSQL, Redis, and Nagios.

本文将分享这些经过实证的做法,帮助你设计一流的 Azure 资源管理器模板。This article shares these proven practices to help you architect world class Azure Resource Manager templates.

通过与客户合作,我们已在企业、系统集成商 (SI) 和 CSV 之间确定了多个 Resource Manager 模板使用体验。In our work with customers, we have identified several Resource Manager template consumption experiences across enterprises, System Integrators (SI)s, and CSVs. 以下部分从整体上概述了适用于不同客户类型的常见方案和模式。The following sections provide a high-level overview of common scenarios and patterns for different customer types.

企业和系统集成商Enterprises and system integrators

在大型组织中,常常会看到 Resource Manager 模板的两类使用者:内部软件开发团队和企业 IT 部门。Within large organizations, we commonly see two consumers of Resource Manager templates: internal software development teams and corporate IT. 我们发现 SI 方案可对应到企业方案,因此相同的考虑因素同样适用。We've found that the scenarios for the SIs map to the scenarios for Enterprises, so the same considerations apply.

内部软件开发团队Internal software development teams

如果团队要开发软件来支持业务,使用模板可以快速轻松地部署可用于业务特定解决方案的技术。If your team develops software to support your business, templates provide an easy way to quickly deploy technologies for use in business-specific solutions. 也可以使用模板快速创建培训环境,让团队成员能够获得所需的技巧。You can also use templates to rapidly create training environments that enable team members to gain necessary skills.

可以按原样使用模板,或者根据需要进行扩展或改编。You can use templates as-is or extend or compose them to accommodate your needs. 通过在模板中使用标记,可以利用各种不同的视图(例如团队、项目、个人和教育)来提供帐单摘要。Using tagging within templates, you can provide a billing summary with various views such as team, project, individual, and education.

企业通常希望软件开发团队创建用于一致部署解决方案的模板。Businesses often want software development teams to create a template for consistent deployment of a solution. 模板便于约束,可使相应环境中的特定项固定不变、不能重写。The template facilitates constraints so certain items within that environment remain fixed and can't be overridden. 例如,银行可能需要使用模板来包含 RBAC,使程序员无法修订银行解决方案来将数据发送到个人存储帐户。For example, a bank might require a template to include RBAC so a programmer can’t revise a banking solution to send data to a personal storage account.

企业 ITCorporate IT

企业 IT 组织通常使用模板来传送云容量和云托管功能。Corporate IT organizations typically use templates for delivering cloud capacity and cloud-hosted capabilities.

云容量Cloud capacity

企业 IT 小组为团队提供云容量的方式通常是使用“T 恤尺寸”,也就是标准产品的尺寸(例如,小、中、大)。A common way for corporate IT groups to provide cloud capacity for teams is with "t-shirt sizes", which are standard offering sizes such as small, medium, and large. T 恤尺寸的产品可以混合不同的资源类型和数量,同时提供标准化级别使你能够使用模板。The t-shirt sized offerings can mix different resource types and quantities while providing a level of standardization that makes it possible to use templates. 模板以一致的方式提供容量,强制实施企业策略,并使用标记来为使用方组织提供分摊。The templates deliver capacity in a consistent way that enforces corporate policies and uses tagging to provide chargeback to consuming organizations.

例如,可能需要提供开发、测试或生产环境,使软件开发团队可以在其中部署解决方案。For example, you may need to provide development, test, or production environments within which the software development teams can deploy their solutions. 环境具有软件开发团队无法更改的预定义网络拓扑和元素,例如,用于管理公共 Internet 访问权限以及数据包检查的规则。The environment has a predefined network topology and elements that the software development teams cannot change, such as rules governing access to the public internet and packet inspection. 还可以对这些环境使用不同的环境访问权限来配置组织特定的角色。You may also have organization-specific roles for these environments with distinct access rights for the environment.

云托管功能Cloud-hosted capabilities

可以使用模板来支持云托管的功能,包括各个软件包,或者提供给内部业务线的复合产品。You can use templates to support cloud-hosted capabilities, including individual software packages or composite offerings that are offered to internal lines of business. 复合产品的一个示例是在预定义的网络拓扑上利用优化、连接的配置提供的“分析即为服务”(分析、可视化和其他技术)。An example of a composite offering would be analytics-as-a-service—analytics, visualization, and other technologies—delivered in an optimized, connected configuration on a predefined network topology.

云托管功能受到构建它们的云容量产品所创建的安全性和角色考虑因素所影响。Cloud-hosted capabilities are affected by the security and role considerations established by the cloud capacity offering on which they’re built. 这些功能按原样提供,或者作为托管服务提供。These capabilities are offered as is or as a managed service. 对于后者,需要使用访问受限的角色才能出于管理目的启用对环境的访问。For the latter, access-constrained roles are required to enable access into the environment for management purposes.

云服务供应商Cloud service vendors

在与许多 CSV 沟通之后,我们找到了多个方案,方便用户按照客户情况和相关要求部署服务。After talking to many CSVs, we identified multiple approaches you can take to deploy services for your customers and associated requirements.

CSV 托管产品CSV-hosted offering

如果用户在自己的 Azure 订阅中托管产品,则有两种常见的托管方法:对不同的客户使用不同的部署,或者部署缩放单位,建立所有客户使用的共享基础结构。If you host your offering in your own Azure subscription, two hosting approaches are common: deploying a distinct deployment for every customer or deploying scale units that underpin a shared infrastructure used for all customers.

  • 对每位客户使用不同的部署。Distinct deployments for each customer. 对每位客户使用不同的部署需有不同已知配置的固定拓扑。Distinct deployments per customer require fixed topologies of different known configurations. 这些部署可能有不同的虚拟机 (VM) 大小、不同的节点数,以及不同的关联存储量。These deployments may have different virtual machine (VM) sizes, varying numbers of nodes, and different amounts of associated storage. 部署的标记可用于累积每位客户的帐单。Tagging of deployments is used for roll-up billing of each customer. 可以启用 RBAC 来允许客户访问其云环境的各个层面。RBAC may be enabled to allow customers access to aspects of their cloud environment.
  • 共享多租户环境中的缩放单位。Scale units in shared multi-tenant environments. 模板可以代表多租户环境的缩放单位。A template can represent a scale unit for multi-tenant environments. 在此情况下,同一基础结构可用于支持所有客户。In this case, the same infrastructure is used to support all customers. 部署代表一组可针对所托管产品提供容量级别(例如,用户数和事务数)的资源。The deployments represent a group of resources that deliver a level of capacity for the hosted offering, such as number of users and number of transactions. 这些缩放单位可按需增大或减小。These scale units are increased or decreased as demand requires.

将 CSV 产品注入客户订阅CSV offering injected into customer subscription

用户可能需要将软件部署到最终客户拥有的订阅。You may want to deploy your software into subscriptions owned by end customers. 可以使用模板将不同的部署产品部署到客户的 Azure 帐户中。You can use templates to deploy distinct deployments into a customer’s Azure account.

这些部署使用 RBAC,因此,可以在客户的帐户中更新和管理部署。These deployments use RBAC so you can update and manage the deployment within the customer’s account.

Azure 应用商店Azure Marketplace

若要通过应用商店(例如 Azure 应用商店)宣传和销售产品,可以开发模板来提供不同类型的、在客户的 Azure 帐户中运行的部署。To advertise and sell your offerings through a marketplace, such as Azure Marketplace, you can develop templates to deliver distinct types of deployments that run in a customer’s Azure account. 这些不同的部署通常可描述为 T 恤尺寸(小、中、大)、产品/受众类型(社区、开发人员、企业)或功能类型(基本、高可用性)。These distinct deployments can be typically described as a t-shirt size (small, medium, large), product/audience type (community, developer, enterprise), or feature type (basic, high availability). 在某些情况下,这些类型允许指定某些部署属性,例如 VM 类型或磁盘数。In some cases, these types allow you to specify certain attributes of the deployment, such as VM type or number of disks.

OSS 项目OSS projects

在开放源代码项目中,Resource Manager 模板可让社区使用经过证实的做法快速部署解决方案。Within open source projects, Resource Manager templates enable a community to deploy a solution quickly using proven practices. 可以在 GitHub 存储库中存储模板,使社区可在一段时间之后修改它们。You can store templates in a GitHub repository so the community can revise them over time. 用户可在自己的 Azure 订阅中部署这些模板。Users deploy these templates in their own Azure subscriptions.

以下部分描述了在设计解决方案之前需要考虑的事项。The following sections identify the things you need to consider before designing your solution.

识别 VM 内部和外部的项Identifying what is outside and inside a VM

设计模板时,最好考虑虚拟机 (VM) 内部与外部的相关项要求:As you design your template, it’s helpful to look at the requirements in terms of what's outside and inside the virtual machines (VMs):

  • 外部表示部署的 VM 和其他资源,例如,网络拓扑、标记、对证书/机密的引用,以及基于角色的访问控制。Outside means the VMs and other resources of your deployment, such as the network topology, tagging, references to the certs/secrets, and role-based access control. 所有这些资源都是模板的一部分。All these resources are part of your template.
  • 内部表示已安装的软件和整体所需的状态配置。Inside means the installed software and overall desired state configuration. 其他机制(例如 VM 扩展或脚本)可以完全使用或部分使用。Other mechanisms, such as VM extensions or scripts, are used in whole or in part. 模板也许能够识别和执行这些机制,但这些机制并不在模板中。These mechanisms may be identified and executed by the template but aren’t in it.

可以在“箱内”执行的常见活动示例包括:Common examples of activities you would do “inside the box” include -

  • 安装或删除服务器角色和功能Install or remove server roles and features
  • 在节点或群集级别安装和配置软件Install and configure software at the node or cluster level
  • 在 Web 服务器上部署网站Deploy websites on a web server
  • 部署数据库架构Deploy database schemas
  • 管理注册表或其他类型的配置设置Manage registry or other types of configuration settings
  • 管理文件和目录Manage files and directories
  • 启动、停止和管理进程与服务Start, stop, and manage processes and services
  • 管理本地组和用户帐户Manage local groups and user accounts
  • 安装和管理包(.msi、.exe、yum 等)Install and manage packages (.msi, .exe, yum, etc.)
  • 管理环境变量Manage environment variables
  • 运行本机脚本(Windows PowerShell、bash 等)Run native scripts (Windows PowerShell, bash, etc.)

所需状态配置 (DSC)Desired state configuration (DSC)

在部署范畴以外考虑 VM 的内部状态,需要确保这种部署不会与定义并签入源代码管理的配置存在“偏差”。Thinking about the internal state of your VMs beyond deployment, you want to make sure this deployment doesn’t "drift" from the configuration that you have defined and checked into source control. 该方法可以确保开发人员或操作人员不会对环境做出尚未在源代码管理中检查、测试或记录的即席更改。This approach ensures your developers or operations staff don’t make ad-hoc changes to an environment that are not vetted, tested, or recorded in source control. 这种控制很重要,因为手动更改不是在源代码管理中进行的。This control is important, because the manual changes are not in source control. 手动更改也不是标准部署的一部分,会影响将来的软件自动化部署。They are also not part of the standard deployment and will impact future automated deployments of the software.

从安全的立场来看,除了内部员工,所需状态配置也很重要。Beyond your internal employees, desired state configuration is also important from a security perspective. 黑客总会试图泄漏和利用软件系统。Hackers are regularly trying to compromise and exploit software systems. 如果得手,则他们往往会安装文件,或者更改已遭入侵的系统的状态。When successful, it's common to install files and otherwise change the state of a compromised system. 使用所需状态配置,可以识别所需状态与实际状态之间的差异,并还原已知的配置。Using desired state configuration, you can identify deltas between the desired and actual state and restore a known configuration.

DSC 可以使用最热门机制的一些资源扩展 - PowerShell DSC、Chef 和 Puppet。There are resource extensions for the most popular mechanisms for DSC - PowerShell DSC, Chef, and Puppet. 其中的每个扩展都能部署 VM 的初始状态,还可用于确保维持所需的状态。Each of these extensions can deploy the initial state of your VM and also be used to make sure the desired state is maintained.

通用模板范围Common template scopes

根据经验,我们发现了三个主要的解决方案模板范围。In our experience, we’ve seen three key solution templates scopes emerge. 后面的部分将对这三个范围 – 容量、功能和端到端解决方案 – 进行介绍。These three scopes – capacity, capability, and end-to-end solution – are described in the following sections.

容量范围Capacity scope

容量范围可在标准拓扑中提供一组经过预先配置、可遵循法规和策略的资源。A capacity scope delivers a set of resources in a standard topology that is pre-configured to be in compliance with regulations and policies. 最常见的示例是在企业 IT 或 SI 方案中部署标准开发环境。The most common example is deploying a standard development environment in an Enterprise IT or SI scenario.

功能范围Capability scope

功能范围侧重于部署和配置给定技术的拓扑。A capability scope is focused on deploying and configuring a topology for a given technology. 常见的方案包括 SQL Server、Cassandra、Hadoop 等技术。Common scenarios including technologies such as SQL Server, Cassandra, Hadoop.

端到端解决方案范围End-to-end solution scope

端到端解决方案范围的目标不只是单项功能,而是注重于提供由多个功能组成的端到端解决方案。An End-to-End Solution Scope is targeted beyond a single capability, and instead focused on delivering an end to end solution comprised of multiple capabilities.

划归到解决方案的模板范围将其本身列为一个或多个已划分功能的模板的集,其中包含解决方案特定的资源、逻辑和所需状态。A solution-scoped template scope manifests itself as a set of one or more capability-scoped templates with solution-specific resources, logic, and desired state. 解决方案范围内的模板的一个示例是端到端数据管道解决方案模板。An example of a solution-scoped template is an end to end data pipeline solution template. 模板可能与多个功能范围解决方案模板(例如 Kafka、Storm 和 Hadoop)混合解决方案特定拓扑和状态。The template might mix solution-specific topology and state with multiple capability-scoped solution templates such as Kafka, Storm, and Hadoop.

选择自由格式配置与已知配置Choosing free-form vs. known configurations

最初你可能认为模板应该为使用者提供最大的弹性,但有许多考虑因素影响到自由格式配置与已知配置的选择。You might initially think a template should give consumers the utmost flexibility, but many considerations affect the choice of whether to use free-form configurations vs. known configurations. 本部分将列出重要的客户要求,以及构成本文档所分享方案的技术考虑因素。This section identifies the key customer requirements and technical considerations that shaped the approach shared in this document.

自由格式配置Free-form configurations

表面上,自由格式配置听起来很实用。On the surface, free-form configurations sound ideal. 它们允许用户选择 VM 类型,并提供任意数目的节点以及这些节点的附加磁盘(用作模板的参数)。They allow you to select a VM type and provide an arbitrary number of nodes and attached disks for those nodes — and do so as parameters to a template. 但是,有些方案不适合使用此方法。However, this approach is not ideal for some scenarios.

虚拟机大小介绍了不同的 VM 类型和可用大小,以及每种可附加的持久性磁盘数目(2、4、8、16 或 32)。In Sizes for virtual machines, the different VM types and available sizes are identified, and each of the number of durable disks (2, 4, 8, 16, or 32) that can be attached. 每个附加的磁盘提供 500 IOPS,可将这些磁盘的倍数组建成池,以成倍提高 IOPS 数目。Each attached disk provides 500 IOPS and multiples of these disks can be pooled for a multiplier of that number of IOPS. 例如,可将 16 个磁盘组建成池,以提供 8,000 IOPS。For example, 16 disks can be pooled to provide 8,000 IOPS. 可以使用 Microsoft Windows 存储空间或者在 Linux 使用价格便宜的磁盘冗余阵列 (RAID),使用操作系统中的配置来实现池的组建。Pooling is done with configuration in the operating system, using Microsoft Windows Storage Spaces or redundant array of inexpensive disks (RAID) in Linux.

自由格式配置允许选择多个 VM 实例,并为这些实例选择多个 VM 类型和大小,每个 VM 类型可选择多个磁盘,还可选择一个或多个脚本来配置 VM 内容。A free-form configuration enables the selection several VM instances, various VM types and sizes for those instances, various disks for the VM type, and one or more scripts to configure the VM contents.

通常,部署可能有多种类型的节点(例如主节点和数据节点),因此,经常对每个节点类型提供此弹性。It is common that a deployment may have multiple types of nodes, such as master and data nodes, so this flexibility is often provided for every node type.

开始部署具有任何重要性的群集,就要开始处理这些复杂方案。As you start to deploy clusters of any significance, you begin to work with these complex scenarios. 例如,如果在部署 Hadoop 群集,其中有 8 个主节点和 200 个数据节点,并且每个主节点上组建了包含 4 个附加磁盘的池,每个数据节点上共享了 16 个附加磁盘,那么,有 208 个 VM 和 3,232 个磁盘需要管理。If you were deploying a Hadoop cluster, for example, with 8 master nodes and 200 data nodes, and pooled 4 attached disks on each master node and pooled 16 attached disks per data node, you would have 208 VMs and 3,232 disks to manage.

存储帐户会根据它所识别出的每秒 20,000 个事务限制上调节请求,因此,应该查看存储帐户的分区,并使用计算来确定适当数的存储帐户以配合此拓扑。A storage account will throttle requests above its identified 20,000 transactions/second limit, so you should look at storage account partitioning and use calculations to determine the appropriate number of storage accounts to accommodate this topology. 假设自由格式的方法支持多种组合,则需要动态计算来确定适当的分区。Given the multitude of combinations supported by the free-form approach, dynamic calculations are required to determine the appropriate partitioning. Azure Resource Manager 模板语言当前不提供数学函数,因此必须在代码中执行这些计算,生成唯一的硬编码模板以及适当的详细信息。The Azure Resource Manager Template Language does not presently provide mathematical functions, so you must perform these calculations in code, generating a unique, hard-coded template with the appropriate details.

在企业 IT 和 SI 方案中,必须有人维护模板,并支持为一个或多个组织部署的拓扑。In enterprise IT and SI scenarios, someone must maintain the templates and support the deployed topologies for one or more organizations. 这种额外的开销(每位客户有不同的配置和模板)并不尽理想。This additional overhead — different configurations and templates for each customer — is far from desirable.

用户可以使用这些模板在客户的 Azure 订阅中部署环境,但是企业 IT 团队和 CSV 通常将它们部署到自己的订阅,使用分摊功能向客户收费。You can use these templates to deploy environments in your customer’s Azure subscription, but both corporate IT teams and CSVs typically deploy them into their own subscriptions, using a chargeback function to bill their customers. 在这种情况下,目标是要跨订阅池部署适用于多个客户的容量,并让部署密集填入订阅中,以便将订阅的扩展(这种情况下需要管理更多订阅)最小化。In these scenarios, the goal is to deploy capacity for multiple customers across a pool of subscriptions and keep deployments densely populated into the subscriptions to minimize subscription sprawl—that is, more subscriptions to manage. 使用真正的动态部署大小,达到这种类型的密度需要仔细规划,并代表组织基架工作执行其他开发。With truly dynamic deployment sizes, achieving this type of density requires careful planning and additional development for scaffolding work on behalf of the organization.

此外,无法通过 API 调用来创建订阅,必须通过门户手动执行此操作。In addition, you can’t create subscriptions via an API call but must do so manually through the portal. 随着订阅数的增加,任何产生的订阅扩展都必须人为介入,而无法自动化。As the number of subscriptions increases, any resulting subscription sprawl requires human intervention—it can’t be automated. 由于部署的大小如此多变,因此必须手动预配一些订阅,确保有订阅可供使用。With so much variability in the sizes of deployments, you would have to pre-provision a number of subscriptions manually to ensure subscriptions are available.

考虑所有这些因素,真正的自由格式配置乍看之下不是那么有吸引力。Considering all these factors, a truly free-form configuration is less appealing than at first blush.

已知配置 - T 恤尺寸法Known configurations — the t-shirt sizing approach

根据我们的经验,与其给予模板来提供整体弹性和无数种差异,不如采用一种常用模式,就是提供选择已知配置的功能 - 实际上,是诸如沙箱、小、中和大之类的标准 T 恤尺寸。Rather than offer a template that provides total flexibility and countless variations, in our experience a common pattern is to provide the ability to select known configurations — in effect, standard t-shirt sizes such as sandbox, small, medium, and large. T 恤尺寸的其他示例包括产品,例如社区版本或企业版本。Other examples of t-shirt sizes are product offerings, such as community edition or enterprise edition. 在其他情况下,这可能是某种技术的工作负荷特定配置,例如,映射化简或 No SQL。In other cases, it may be workload-specific configurations of a technology – such as map reduce or no sql.

许多企业 IT 组织、OSS 供应商和 SI 当前都能在本地虚拟化环境(企业)中或作为“软件即为服务”(SaaS) 产品(CSV 和 OSV)使用这种方式来使他们的产品可供使用。Many enterprise IT organizations, OSS vendors, and SIs make their offerings available today in this way in on-premises, virtualized environments (enterprises) or as software-as-a-service (SaaS) offerings (CSVs and OSVs).

这种方法可对于预先为客户配置好的各种大小提供正常且已知的配置。This approach provides good, known configurations of varying sizes that are preconfigured for customers. 如果没有已知配置,客户就必须自行确定群集大小、整合平台资源约束,以及执行数学运算来识别存储帐户的生成分区和其他资源(因群集大小和资源约束而导致)。Without known configurations, end customers must determine cluster sizing on their own, factor in platform resource constraints, and do math to identify the resulting partitioning of storage accounts and other resources (due to cluster size and resource constraints). 已知配置使客户能够轻松选择正确的 T 恤尺寸,也就是给定的部署。Known configurations enable customers to easily select the right t-shirt size—that is, a given deployment. 除了为客户提供更好的体验,少量的已知配置可让你更轻松地提供支持,并帮助你提供较高的密度级别。In addition to making a better experience for the customer, a small number of known configurations is easier to support and can help you deliver a higher level of density.

着重于 T 恤尺寸的已知配置方法在某个尺寸内可能还拥有各种节点数。A known configuration approach focused on t-shirt sizes may also have varying number of nodes within a size. 例如,小型 T 恤尺寸可能介于 3 和 10 个节点之间。For example, a small t-shirt size may be between 3 and 10 nodes. T 恤尺寸在设计上最多可容纳 10 个节点,并可让使用者进行任意形式的选择(最多可达已识别出的大小上限)。The t-shirt size would be designed to accommodate up to 10 nodes and provide the consumer the ability to make free form selections up to the maximum size identified.

在可部署的节点数方面,基于工作负荷类型的 T 恤尺寸在性质上可能更自由,但是对节点上的软件生成工作负荷完全不同的节点大小与配置。A t-shirt size based on workload type, may be more free form in nature in terms of the number of nodes that can be deployed but will have workload distinct node size and configuration of the software on the node.

基于产品的 T 恤尺寸(例如社区或企业)可能有不同的资源类型和可部署的节点数上限,通常受到不同产品的授权考虑因素或功能可用性的影响。T-shirt sizes based on product offerings, such as community or Enterprise, may have distinct resource types and maximum number of nodes that can be deployed, typically tied to licensing considerations or feature availability across the different offerings.

还可以使用基于 JSON 的模板,通过独特的变体来配合客户。You can also accommodate customers with unique variants using the JSON-based templates. 处理离群值时,可以纳入有关开发、支持和成本的相应规划与考虑。When dealing with outliers, you can incorporate the appropriate planning and considerations for development, support, and costing.

根据客户模板使用方案以及本文档开头所述的要求,我们确定了模板分解的模式。Based on the customer template consumption scenarios, and requirements identified at the start of this document, we identified a pattern for template decomposition.

划归容量和功能的解决方案模板Capacity and capability-scoped solution templates

分解可以提供模板开发的模块化方法,支持重复使用、可扩展性、测试和工具。Decomposition provides a modular approach to template development that supports reuse, extensibility, testing, and tooling. 本部分详细说明如何将分解方法应用到具有容量或功能范围的模板。This section provides detail on how a decomposition approach can be applied to templates with a Capacity or Capability scope.

在这种方法中,主模板接收来自模板使用者的参数值,并链接到下游的多种类型的模板和脚本,如下所示。In this approach, a main template receives parameter values from a template consumer, then links to several types of templates and scripts downstream as shown below. 参数、静态变量和生成的变量用于提供进出链接模板的值。Parameters, static variables, and generated variables are used to provide values in and out of the linked templates.


参数传递给主模板,并传递给链接的模板Parameters are passed to a main template then to linked templates

后面的部分重点介绍模板类型和单个模板分解成的脚本。The following sections focus on the types of templates and scripts that a single template is decomposed into. 这些部分介绍用于在模板之间传递状态信息的方法。The sections present approaches for passing state information among the templates. 此图中的每个模板和脚本类型都配合了示例来说明。Each template and the script types in the image are described along with examples. 有关上下文示例,请参阅本文档后面的“整合在一起:示例实现”。For a contextual example, see "Putting it together: a sample implementation" later in this document.

模板元数据Template metadata

模板元数据(metadata.json 文件)包含使用 JSON 描述模板的键/值对,使用户和软件系统可以读取该模板。Template metadata (the metadata.json file) contains key/value pairs that describe a template in JSON, which can be read by humans and software systems.


模板元数据在 metadata.json 文件中描述Template metadata is described in the metadata.json file

软件代理可以检索 metadata.json 文件,并在网页或目录中发布信息以及模板的链接。Software agents can retrieve the metadata.json file and publish the information and a link to the template in a web page or directory. 元素包括 itemDisplayNamedescriptionsummarygithubUsernamedateUpdatedElements include itemDisplayName, description, summary, githubUsername, and dateUpdated.

下面显示了完整的示例文件。An example file is shown below in its entirety.

    "itemDisplayName": "PostgreSQL 9.3 on Ubuntu VMs",
    "description": "This template creates a PostgreSQL streaming-replication between a master and one or more slave servers each with 2 striped data disks. The database servers are deployed into a private-only subnet with one publicly accessible jumpbox VM in a DMZ subnet with public IP.",
    "summary": "PostgreSQL stream-replication with multiple slave servers and a publicly accessible jumpbox VM",
    "githubUsername": "arsenvlad",
    "dateUpdated": "2015-04-24"

主模板Main template

主模板从用户接收参数,使用该信息来填充复杂对象变量并执行链接的模板。The main template receives parameters from a user, uses that information to populate complex object variables, and executes the linked templates.


主模板接收来自用户的参数The main template receives parameters from a user

提供的一个参数是已知配置类型,因为它使用标准化值(例如,小、中或大),因此也称为 T 恤尺寸参数。One parameter that is provided is a known configuration type also known as the t-shirt size parameter because of its standardized values such as small, medium, or large. 在实践中,可以多种方式使用此参数。In practice, you can use this parameter in multiple ways. 有关详细信息,请参阅本文档后面的“已知配置资源模板”。For details, see "Known configuration resources template" later in this document.

无论用户参数指定的已知配置为何,都会部署某些资源。Some resources are deployed regardless of the known configuration specified by a user parameter. 这些资源使用单个共享资源模板进行设置,并与其他模板共享,因此可以先运行共享的资源模板。These resources are provisioned using a single shared resource template and are shared by other templates, so the shared resource template is run first.

无论指定的已知配置为何,都会选择性地部署某些资源。Some resources are deployed optionally regardless of the specified known configuration.

共享的资源模板Shared resources template

此模板提供所有已知配置公用的资源。This template delivers resources that are common across all known configurations. 其中包含虚拟网络、可用性集和所需的其他资源,无论部署的已知配置模板为何。It contains the virtual network, availability sets, and other resources that are required regardless of the known configuration template that is deployed.


共享的资源模板Shared resources template

资源名称(例如虚拟网络名称)基于主模板。Resource names, such as the virtual network name, are based on the main template. 可以根据组织的需要,将资源名称指定为该模板中的变量,或者以参数形式从用户处接收资源名称。You can specify them as a variable within that template or receive them as a parameter from the user, as required by your organization.

可选资源模板Optional resources template

可选资源模板包含基于参数或变量值且以编程方式部署的资源。The optional resources template contains resources that are programmatically deployed based on the value of a parameter or variable.


可选资源模板Optional resources template

例如,可以使用可选资源模板来配置 Jumpbox,以便从公共 Internet 间接访问部署的环境。For example, you can use an optional resources template to configure a jumpbox that enables indirect access to a deployed environment from the public Internet. 使用参数或变量来识别是否应启用 Jumpbox,并使用 concat 函数来构建模板的目标名称,例如 jumpbox_enabled.jsonYou would use a parameter or variable to identify whether the jumpbox should be enabled and the concat function to build the target name for the template, such as jumpbox_enabled.json. 模板链接将使用生成的变量来安装 Jumpbox。Template linking would use the resulting variable to install the jumpbox.

可以从多个位置链接可选资源模板:You can link the optional resources template from multiple places:

  • 如果适用于每种部署,可以从共享的资源模板创建参数驱动的链接。When applicable to every deployment, create a parameter-driven link from the shared resources template.
  • 如果适合选择已知配置(例如,安装在大型部署上),可以从已知配置模板创建参数驱动或变量驱动的链接。When applicable to select known configurations—for example, only install on large deployments—create a parameter-driven or variable-driven link from the known configuration template.

给定的资源是否为可选不是由模板使用者决定,而是由模板提供者决定。Whether a given resource is optional may not be driven by the template consumer but instead by the template provider. 例如,可能需要满足特定的产品要求或产品附加组件(对于 CSV 而言很常见)或强制实施策略(对于 SI 和企业 IT 小组而言很常见)。For example, you may need to satisfy a particular product requirement or product add-on (common for CSVs) or to enforce policies (common for SIs and enterprise IT groups). 在这种情况下,可以使用变量来确定是否应该部署资源。In these cases, you can use a variable to identify whether the resource should be deployed.

已知配置资源模板Known configuration resources template

在主模板中,可以公开参数,以允许模板使用者指定要部署的所需已知配置。In the main template, a parameter can be exposed to allow the template consumer to specify a desired known configuration to deploy. 通常这种已知配置使用具有一组固定配置大小(例如,沙箱、小、中、大)的 T 恤尺寸方法。Often, this known configuration uses a t-shirt size approach with a set of fixed configuration sizes such as sandbox, small, medium, and large.


已知配置资源模板Known configuration resources template

通常会使用 T 恤尺寸方法,但参数可以代表任何已知配置的集。The t-shirt size approach is commonly used, but the parameters can represent any set of known configurations. 例如,可以为企业应用程序指定一组环境,例如,开发、测试和生产。For example, you can specify a set of environments for an enterprise application such as Development, Test, and Product. 或者,可以针对云服务使用它来代表不同的缩放单位、产品版本或产品配置,例如,社区、开发人员或企业。Or you could use it for a cloud service to represent different scale units, product versions, or product configurations such as Community, Developer, or Enterprise.

与共享的资源模板一样,变量将从以下任一处传递给已知配置模板:As with the shared resource template, variables are passed to the known configurations template from either:

  • 最终用户 — 也就是说,将参数发送到主模板。An end user—that is, the parameters sent to the main template.
  • 组织 — 也就是说,主模板中代表内部要求或策略的变量。An organization—that is, the variables in the main template that represent internal requirements or policies.

成员资源模板Member resources template

在已知配置中,经常会包含一个或多个成员节点类型。Within a known configuration, one or more member node types are often included. 例如,使用 Hadoop 时,会有主节点和数据节点。For example, with Hadoop you have master nodes and data nodes. 如果要安装 MongoDB,则会有数据节点和仲裁器。If you are installing MongoDB, you have data nodes and an arbiter. 如果要部署 DataStax,则会有数据节点,以及装有 OpsCenter 的 VM。If you are deploying DataStax, you have data nodes and a VM with OpsCenter installed.


成员资源模板Member resources template

每种类型的节点可能具有不同大小的 VM、附加的磁盘数、用于安装和设置节点的脚本、VM 的端口配置、实例数和其他详细信息。Each type of nodes can have different sizes of VMs, numbers of attached disks, scripts to install and set up the nodes, port configurations for the VMs, number of instances, and other details. 因此,每个节点类型都有自身的成员资源模板,其中包含有关部署和配置基础结构,以及执行脚本以在 VM 中部署和配置软件的详细信息。So each node type gets its own member resource template, which contains the details for deploying and configuring an infrastructure as well as executing scripts to deploy and configure software within the VM.

对于 VM,通常会使用两种类型的脚本:广泛可重复使用和自定义的脚本。For VMs, typically two types of scripts are used, widely reusable and custom scripts.

广泛可重复使用的脚本Widely reusable scripts

广泛可重复使用的脚本可以在多种类型的模板上使用。Widely reusable scripts can be used across multiple types of templates. 这些广泛可重复使用脚本的一个较好示例是在 Linux 上配置 RAID 以组建磁盘池,并获得更大的 IOPS 数量。One of the better examples of these widely reusable scripts sets up RAID on Linux to pool disks and gain a greater number of IOPS. 无论 VM 中安装了哪种软件,此脚本都能让你针对常见方案运用经过证实的重复使用体验。Regardless of the software being installed in the VM, this script provides reuse of proven practices for common scenarios.


成员资源模板可以调用可广泛地重复使用的脚本Member resources templates can call widely reusable scripts

自定义脚本Custom scripts

模板通常会调用一个或多个脚本,用于在 VM 中安装和配置软件。Templates commonly call one or more scripts that install and configure software within VMs. 在部署了一个或多个成员类型的多个实例的大型拓扑中经常会使用一种模式。A common pattern is seen with large topologies where multiple instances of one or more member types are deployed. 将对每个可并行运行的 VM 启动安装脚本,接着会在部署所有 VM(或给定成员类型的所有 VM)之后调用设置脚本。An installation script is initiated for every VM that can be run in parallel, followed by a setup script that is called after all VMs (or all VMs of a given member type) are deployed.


成员资源模板可出于特定目的(例如 VM 配置)调用脚本Member resources templates can call scripts for a specific purpose such as VM configuration

划归功能的解决方案模板示例 - RedisCapability-scoped solution template example - Redis

为了演示实施的可能工作原理,请看一个有关构建模板的实践示例,该模板以标准 T 恤尺寸法来简化 Redis 的部署和配置。To show how an implementation might work, let's look at a practical example of building a template that facilitates the deployment and configuration of Redis in standard t-shirt sizes.

为部署提供了一组共享资源(虚拟网络、存储帐户、可用性集)和一个可选资源 (Jumpbox)。For the deployment, there are a set of shared resources (virtual network, storage account, availability sets) and an optional resource (jumpbox). 有多个以 T 恤尺寸(小、中、大)表示的已知配置,但每个配置使用单一节点类型。There are multiple known configurations represented as t-shirt sizes (small, medium, large) but each with a single node type. 此外,还有两个具有特定用途的脚本(安装、配置)。There are also two purpose-specific scripts (installation, configuration).

创建模板文件Creating the template files

创建名为 azuredeploy.json 的主模板。You would create a Main Template named azuredeploy.json.

创建名为 shared-resources.json 的共享资源模板You create Shared Resources Template named shared-resources.json

创建用于启用 Jumpbox 部署的可选资源模板,其名为 jumpbox_enabled.jsonYou create an Optional Resource Template to enable the deployment of a jumpbox, named jumpbox_enabled.json

Redis 只使用单节点类型,因此需创建名为 node-resources.json 的单成员资源模板。Redis uses just a single node type, so you create a single Member Resource Template named node-resources.json.

使用 Redis 时需安装每个节点,并设置群集。With Redis, you want to install each individual node, and then set up the cluster. 可以使用脚本 (redis-cluster-install.sh 和 redis-cluster-setup.sh) 来完成安装和设置。You have scripts to accommodate the installation and set up, redis-cluster-install.sh and redis-cluster-setup.sh.

链接模板Linking the templates

主模板使用模板链接向外链接到共享资源模板,以建立虚拟网络。Using template linking, the main template links out to the shared resources template, which establishes the virtual network.

在主模板中添加逻辑,使模板使用者能够指定是否应部署 Jumpbox。Logic is added within the main template to enable consumers of the template to specify whether a jumpbox should be deployed. EnableJumpbox 参数的值为 enabled 表示客户需要部署 Jumpbox。An enabled value for the EnableJumpbox parameter indicates that the customer wants to deploy a jumpbox. 如果提供了此值,模板将串联 _enabled 作为 Jumpbox 功能的基本模板名称后缀。When this value is provided, the template concatenates _enabled as a suffix to a base template name for the jumpbox capability.

主模板应用 large 参数值作为 T 恤尺寸的基本模板名称后缀,并使用模板中的该值向外链接到 technology_on_os_large.jsonThe main template applies the large parameter value as a suffix to a base template name for t-shirt sizes, and then uses that value in a template link out to technology_on_os_large.json.

拓扑类似于下图。The topology would resemble this illustration.

Redis 模板

Redis 模板的模板结构Template structure for a Redis template

配置状态Configuring state

对于群集中的节点,可以通过两个步骤来配置状态,这两个步骤都在特定于目标的脚本中得到了体现。For the nodes in the cluster, there are two steps to configuring the state, both represented by Purpose Specific Scripts. “redis-cluster-install.sh”安装 Redis,“redis-cluster-setup.sh”设置该群集。"redis-cluster-install.sh" installs Redis and "redis-cluster-setup.sh" sets up the cluster.

支持不同大小的部署Supporting Different Size Deployments

在变量内部,T 恤尺寸模板针对特定大小()指定每个要部署类型的节点数。Inside variables, the t-shirt size template specifies the number of nodes of each type to deploy for the specified size (large). 然后,该模板通过从 copyIndex() 附加包含数字序号的节点名称提供资源的唯一名称,使用资源循环来部署该数目的 VM 实例。It then deploys that number of VM instances using resource loops, providing unique names to resources by appending a node name with a numeric sequence number from copyIndex(). 将根据 T 恤名称模板中的定义,对热区和暖区 VM 执行这些步骤It does these steps for both hot and warm zone VMs, as defined in the t-shirt name template

分解和划归到端到端解决方案的模板Decomposition and end-to-end solution scoped templates

具有端到端解决方案范围的解决方案模板侧重于提供端到端解决方案。A solution template with an end-to-end solution scope is focused on delivering an end-to-end solution. 该方法通常是多个已划归功能的模板及其他资源、逻辑和状态的组合。This approach is typically a composition of multiple capability-scoped templates with additional resources, logic, and state.

如下图中突出显示部分所示,用于已划归功能的模板的同一模型,已针对具有端到端解决方案范围的模板进行扩展。As highlighted in the image below, the same model used for capability scoped templates is extended for templates with an End-to-End Solution Scope.

共享资源模板和可选资源模板提供的功能与已划归容量和功能的模板方法中一样,但已划归到端到端解决方案。A Shared Resources Template and Optional Resources Templates serve the same function as in the capacity and capability scoped template approaches, but are scoped for the end to end solution.

由于已划归到端到端解决方案的模板通常还有 T 恤尺寸,因此,已知配置资源模板反映了解决方案的给定已知配置所需的项。As end to end solution scoped templates also can typically have t-shirt sizes, the Known Configuration Resources template reflects what is required for a given known configuration of the solution.

已知配置资源模板链接到一个或多个与端到端解决方案相关的划归功能的解决方案模板,以及端到端解决方案所需的成员资源模板。The Known Configuration Resources Template links to one or more capability scoped solution templates that are relevant to the end to end solution as well as the Member Resource Templates that are required for the end to end solution.

当解决方案的 T 恤尺寸可能与划归功能的单个模板不同时,已知配置资源模板中的变量可用于针对下游已划归功能的解决方案模板提供适当值,以部署适当的 T 恤尺寸。As the t-shirt size of the solution may be different than the individual capability-scoped template, variables within the Known Configuration Resources Template are used to provide the appropriate values for downstream capability scoped solution templates to deploy the appropriate t-shirt size.


随时可以针对端到端解决方案模板范围扩展用于已划归容量或功能的解决方案模板的模型The model used for capacity or capability scoped solution templates can be readily extended for end to end solution template scopes

准备应用商店的模板Preparing templates for the Marketplace

使用前面的方法随时可以适应企业、SI 和 CSV 自行部署模板,或者客户自行部署项目的方案。The preceding approach readily accommodates scenarios where Enterprises, SIs, and CSVs want to either deploy the templates themselves or enable their customers to deploy on their own.

另一个所需的方案是通过应用商店部署模板。Another desired scenario is deploying a template via the marketplace. 此分解方法也适用于应用商店,不过略有差异。This decomposition approach works for the marketplace as well, with some minor changes.

如前所述,模板可用于提供不同的部署类型,以便在应用商店中进行销售。As mentioned previously, templates can be used to offer distinct deployment types for sale in the marketplace. 不同的部署类型可以是 T 恤尺寸(小、中、大)、产品/受众类型(社区、开发人员、企业)或功能类型(基本、高可用性)。Distinct deployment types may be t-shirt sizes (small, medium, large), product/audience type (community, developer, enterprise), or feature type (basic, high availability).

如下所示,随时可以使用现有的端到端解决方案或已划归功能的模板,在应用商店中列出不同的已知配置。As shown below, the existing end to end solution or capability scoped templates can be readily utilized to list the different known configurations in the marketplace.

先修改主模板的参数,以删除名为 tshirtSize 的入站参数。The parameters to the main template are first modified to remove the inbound parameter named tshirtSize.

将不同的部署类型映射到已知配置资源模板时,这些类型还需要共享资源模板中的通用资源和配置,并且还可能需要可选资源模板中的这些资源和配置。While the distinct deployment types map to the Known Configuration Resources Template, they also need the common resources and configuration found in the Shared Resources Template and potentially those in Optional Resource Templates.

如果想要将模板发布到应用商店,请创建主模板的不同副本,并将以前提供的 tshirtSize 入站参数替换为嵌入在模板中的变量。If you want to publish your template to the marketplace, you establish distinct copies of your Main template that replaces the previously available inbound parameter of tshirtSize to a variable embedded within the template.


为应用商店改编划归解决方案的模板Adapting a solution scoped template for the marketplace

后续步骤Next steps