Enable safe deployment practices with Azure Deployment Manager (Public preview)

To deploy your service across many regions and make sure it's running as expected in each region, you can use Azure Deployment Manager to coordinate a staged rollout of the service. Just as you would for any Azure deployment, you define the resources for your service in Resource Manager templates. After creating the templates, you use Deployment Manager to describe the topology for your service and how it should be rolled out.

Deployment Manager is a feature of Resource Manager. It expands your capabilities during deployment. Use Deployment Manager when you have a complex service that needs to be deployed to several regions. By staging the rollout of your service, you can find potential problems before it has been deployed to all regions. If you don't need the extra precautions of a staged rollout, use the standard deployment options for Resource Manager. Deployment Manager seamlessly integrates with all existing third-party tools that support Resource Manager deployments, such as continuous integration and continuous delivery (CI/CD) offerings.

Azure Deployment Manager is in preview. Help us improve the feature by providing feedback.

To use Deployment Manager, you need to create four files:

  • Topology template
  • Rollout template
  • Parameter file for topology
  • Parameter file for rollout

You deploy the topology template before deploying the rollout template.

Identity and access

With Deployment Manager, a user-assigned managed identity performs the deployment actions. You create this identity before starting your deployment. It must have access to the subscription you're deploying the service to, and sufficient permission to complete the deployment. For information about the actions granted through roles, see Built-in roles for Azure resources.

The identity must reside in the same location as the rollout.

Topology template

The topology template describes the Azure resources that make up your service and where to deploy them. The following image shows the topology for an example service:

Hierarchy from service topology to services to service units

The topology template includes the following resources:

  • Artifact source - where your Resource Manager templates and parameters are stored
  • Service topology - points to artifact source
    • Services - specifies location and Azure subscription ID
      • Service units - specifies resource group, deployment mode, and path to template and parameter file

To understand what happens at each level, it's helpful to see which values you provide.

Values for each level

Artifact source for templates

In your topology template, you create an artifact source that holds the template and parameter files. The artifact source is a way to pull the files for deployment. You'll see another artifact source for binaries later in this article.

The following example shows the general format of the artifact source.

{
    "type": "Microsoft.DeploymentManager/artifactSources",
    "name": "<artifact-source-name>",
    "location": "<artifact-source-location>",
    "apiVersion": "2018-09-01-preview",
    "properties": {
        "sourceType": "AzureStorage",
        "artifactRoot": "<root-folder-for-templates>",
        "authentication": {
            "type": "SAS",
            "properties": {
                "sasUri": "<SAS-URI-for-storage-container>"
            }
        }
    }
}

For more information, see artifactSources template reference.
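
The sasUri above hands Deployment Manager a bearer credential for the storage container, so it is worth checking its scope before it goes into a parameter file. The following Python check is an added example, not part of the original article: the read/list permission set and the seven-day lifetime are assumed local policy values, and the sample URIs and reference time are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

ALLOWED_PERMS = set("rl")         # assumption: read + list suffices to pull artifacts
MAX_LIFETIME = timedelta(days=7)  # assumption: local policy value, not an Azure limit
REF_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time


def _parse_utc(value):
    """Parse the ISO 8601 UTC timestamp carried in the SAS 'se' field."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def lint_sas_uri(sas_uri, now=None):
    """Return findings for a container SAS URI. The 'sig' value is never echoed."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(sas_uri)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URI scheme is not https")
    if query.get("spr") != "https":
        findings.append("spr does not restrict the token to https")
    extra = set(query.get("sp", "")) - ALLOWED_PERMS
    if extra:
        findings.append("sp grants more than read/list: " + "".join(sorted(extra)))
    if "se" not in query:
        findings.append("no expiry (se) in the token; check the stored access policy")
    else:
        expiry = _parse_utc(query["se"])
        if expiry <= now:
            findings.append("token has expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("token lifetime exceeds local maximum")
    return findings


# Constructed sample URIs (account, container and signature are placeholders).
GOOD = ("https://examplestore.blob.core.windows.net/artifacts"
        "?sv=2018-03-28&sr=c&sp=rl&spr=https&se=2024-01-03T00%3A00%3A00Z&sig=CONSTRUCTED")
BAD = ("https://examplestore.blob.core.windows.net/artifacts"
       "?sv=2018-03-28&sr=c&sp=rwdl&se=2030-01-01&sig=CONSTRUCTED")

if __name__ == "__main__":
    for name, uri in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_sas_uri(uri, now=REF_NOW))
```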

Service topology

The following example shows the general format of the service topology resource. You provide the resource ID of the artifact source that holds the template and parameter files. The service topology includes all service resources. To make sure the artifact source is available, the service topology depends on it.

{
    "type": "Microsoft.DeploymentManager/serviceTopologies",
    "name": "<topology-name>",
    "location": "<topology-location>",
    "apiVersion": "2018-09-01-preview",
    "properties": {
        "artifactSourceId": "<resource-ID-artifact-source>"
    },
    "dependsOn": [
        "<artifact-source>"
    ],
    "resources": [
        {
            "type": "services",
            ...
        }
    ]
}

For more information, see serviceTopologies template reference.

Services

The following example shows the general format of the services resource. In each service, you provide the location and Azure subscription ID to use for deploying your service. To deploy to several regions, you define a service for each region. The service depends on the service topology.

{
    "type": "services",
    "name": "<service-name>",
    "location": "<service-location>",
    "apiVersion": "2018-09-01-preview",
    "dependsOn": [
        "<service-topology>"
    ],
    "properties": {
        "targetSubscriptionId": "<subscription-ID>",
        "targetLocation": "<location-of-deployed-service>"
    },
    "resources": [
        {
            "type": "serviceUnits",
            ...
        }
    ]
}

For more information, see services template reference.

Service Units

The following example shows the general format of the service units resource. In each service unit, you specify the resource group, the deployment mode to use for deployment, and the path to the template and parameter file. If you specify a relative path for the template and parameters, the full path is constructed from the root folder in the artifact source. You can specify an absolute path for the template and parameters, but you lose the ability to easily version your releases. The service unit depends on the service.

{
    "type": "serviceUnits",
    "name": "<service-unit-name>",
    "location": "<service-unit-location>",
    "apiVersion": "2018-09-01-preview",
    "dependsOn": [
        "<service>"
    ],
    "tags": {
        "serviceType": "Service West US Web App"
    },
    "properties": {
        "targetResourceGroup": "<resource-group-name>",
        "deploymentMode": "Incremental",
        "artifacts": {
            "templateArtifactSourceRelativePath": "<relative-path-to-template>",
            "parametersArtifactSourceRelativePath": "<relative-path-to-parameter-file>"
        }
    }
}

Each template should include the related resources that you want to deploy in one step. For example, a service unit could have a template that deploys all of the resources for your service's front end.

For more information, see serviceUnits template reference.

Rollout template

The rollout template describes the steps to take when deploying your service. You specify the service topology to use and define the order for deploying service units. It includes an artifact source for storing binaries for the deployment. In your rollout template, you define the following hierarchy:

  • Artifact source
  • Step
  • Rollout
    • Step groups
      • Deployment operations

The following image shows the hierarchy of the rollout template:

Hierarchy from rollout to steps

Each rollout can have many step groups. Each step group has one deployment operation that points to a service unit in the service topology.

Artifact source for binaries

In the rollout template, you create an artifact source for the binaries you need to deploy to the service. This artifact source is similar to the artifact source for templates, except that it contains the scripts, web pages, compiled code, or other files needed by your service.

Steps

You can define a step to perform either before or after your deployment operation. Currently, only the wait step and the 'healthCheck' step are available.

The wait step pauses the deployment before continuing. It allows you to verify that your service is running as expected before deploying the next service unit. The following example shows the general format of a wait step.

{
    "apiVersion": "2018-09-01-preview",
    "type": "Microsoft.DeploymentManager/steps",
    "name": "waitStep",
    "location": "<step-location>",
    "properties": {
        "stepType": "wait",
        "attributes": {
          "duration": "PT1M"
        }
    }
},

The duration property uses the ISO 8601 standard. The preceding example specifies a one-minute wait.

For more information about the health check step, see Introduce health integration rollout to Azure Deployment Manager and Tutorial: Use health check in Azure Deployment Manager.

For more information, see steps template reference.

Rollouts

To make sure the artifact source is available, the rollout depends on it. The rollout defines step groups for each service unit that is deployed. You can define actions to take before or after deployment. For example, you can specify that the deployment wait after the service unit has been deployed. You can define the order of the step groups.

The identity object specifies the user-assigned managed identity that performs the deployment actions.

The following example shows the general format of the rollout.

{
    "type": "Microsoft.DeploymentManager/rollouts",
    "name": "<rollout-name>",
    "location": "<rollout-location>",
    "apiVersion": "2018-09-01-preview",
    "Identity": {
        "type": "userAssigned",
        "identityIds": [
            "<managed-identity-ID>"
        ]
    },
    "dependsOn": [
        "<artifact-source>"
    ],
    "properties": {
        "buildVersion": "1.0.0.0",
        "artifactSourceId": "<artifact-source-ID>",
        "targetServiceTopologyId": "<service-topology-ID>",
        "stepGroups": [
            {
                "name": "stepGroup1",
                "dependsOnStepGroups": ["<step-group-name>"],
                "preDeploymentSteps": ["<step-ID>"],
                "deploymentTargetId":
                    "<service-unit-ID>",
                "postDeploymentSteps": ["<step-ID>"]
            },
            ...
        ]
    }
}

For more information, see rollouts template reference.
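
A pre-deployment check for the stepGroups array, added here as an example and not taken from the original article: it verifies that every dependsOnStepGroups name is defined, derives a deployment order, and lists pairs of step groups with no pre- or post-deployment step between them. The function name check_rollout and the sample step-group names and IDs are assumptions.

```python
def check_rollout(rollout):
    """Return (order, ungated) for a rollout resource parsed from JSON.

    order   -- step-group names in an order that satisfies dependsOnStepGroups
    ungated -- (upstream, downstream) pairs with no step between the two deployments
    Raises ValueError on duplicate names, missing targets, undefined
    dependencies or dependency cycles.
    """
    groups = {}
    for g in rollout["properties"]["stepGroups"]:
        if g["name"] in groups:
            raise ValueError(f"duplicate step group {g['name']!r}")
        if not g.get("deploymentTargetId"):
            raise ValueError(f"step group {g['name']!r} has no deploymentTargetId")
        groups[g["name"]] = g

    ungated = []
    for name, g in groups.items():
        for dep in g.get("dependsOnStepGroups", []):
            if dep not in groups:
                raise ValueError(f"{name!r} depends on undefined step group {dep!r}")
            # Nothing pauses or checks health between the two service units.
            if not groups[dep].get("postDeploymentSteps") and not g.get("preDeploymentSteps"):
                ungated.append((dep, name))

    order = []
    while len(order) < len(groups):
        ready = [n for n, g in groups.items() if n not in order
                 and all(d in order for d in g.get("dependsOnStepGroups", []))]
        if not ready:
            raise ValueError("dependency cycle among step groups")
        order.extend(ready)
    return order, ungated


# Constructed sample: names and IDs are placeholders, not values from the article.
SAMPLE = {"properties": {"stepGroups": [
    {"name": "prodWEU", "dependsOnStepGroups": ["prodEUS"],
     "deploymentTargetId": "<service-unit-ID-weu>"},
    {"name": "canaryWUS", "deploymentTargetId": "<service-unit-ID-wus>",
     "postDeploymentSteps": ["<wait-step-ID>"]},
    {"name": "prodEUS", "dependsOnStepGroups": ["canaryWUS"],
     "deploymentTargetId": "<service-unit-ID-eus>"},
]}}

if __name__ == "__main__":
    print(check_rollout(SAMPLE))
```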

Parameter file

You create two parameter files. One parameter file is used when deploying the service topology, and the other is used for the rollout deployment. There are some values that you need to make sure are the same in both parameter files.

containerRoot variable

With versioned deployments, the path to your artifacts changes with each new version. The first time you run a deployment the path might be https://<base-uri-blob-container>/binaries/1.0.0.0. The second time it might be https://<base-uri-blob-container>/binaries/1.0.0.1. Deployment Manager simplifies getting the correct root path for the current deployment by using the $containerRoot variable. This value changes with each version and isn't known before deployment.

Use the $containerRoot variable in the parameter file for the template to deploy the Azure resources. At deployment time, this variable is replaced with the actual values from the rollout.

For example, during rollout you create an artifact source for the binary artifacts.

{
    "type": "Microsoft.DeploymentManager/artifactSources",
    "name": "[variables('rolloutArtifactSource').name]",
    "location": "[parameters('azureResourceLocation')]",
    "apiVersion": "2018-09-01-preview",
    "properties": {
        "sourceType": "AzureStorage",
        "artifactRoot": "[parameters('binaryArtifactRoot')]",
        "authentication" :
        {
            "type": "SAS",
            "properties": {
                "sasUri": "[parameters('artifactSourceSASLocation')]"
            }
        }
    }
},

Notice the artifactRoot and sasUri properties. The artifact root might be set to a value like binaries/1.0.0.0. The SAS URI is the URI to your storage container with a SAS token for access. Deployment Manager automatically constructs the value of the $containerRoot variable. It combines those values in the format <container>/<artifactRoot>.

Your template and parameter file need to know the correct path for getting the versioned binaries. For example, to deploy files for a web app, create the following parameter file with the $containerRoot variable. You must use two backslashes (\\) for the path because the first is an escape character.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "deployPackageUri": {
            "value": "$containerRoot\\helloWorldWebAppWUS.zip"
        }
    }
}

Then, use that parameter in your template:

{
    "name": "MSDeploy",
    "type": "extensions",
    "location": "[parameters('location')]",
    "apiVersion": "2015-08-01",
    "dependsOn": [
        "[concat('Microsoft.Web/sites/', parameters('WebAppName'))]"
    ],
    "tags": {
        "displayName": "WebAppMSDeploy"
    },
    "properties": {
        "packageUri": "[parameters('deployPackageURI')]"
    }
}

You manage versioned deployments by creating new folders and passing in that root during rollout. The path flows through to the template that deploys the resources.

Next steps

In this article, you learned about Deployment Manager. Proceed to the next article to learn how to deploy with Deployment Manager.