
Use an Azure Resource Manager template to deploy and connect an Azure virtual machine to Azure Arc

This article provides guidance for using an Azure Resource Manager template (ARM template) to automatically onboard an Azure virtual machine (Azure VM) running Windows to Azure Arc. The provided ARM template is responsible for creating the Azure resources and executing the Azure Arc onboard script on the VM.

Azure VMs use the Azure Instance Metadata Service (IMDS) by default. Projecting an Azure VM as an Azure Arc enabled server creates a conflict, which does not allow the Azure Arc server resources to be represented as one while the IMDS is being used. Instead, the Azure Arc server will still "act" as a native Azure VM.

This guide will allow you to use and onboard Azure VMs to Azure Arc for demo purposes only. You will have the ability to simulate a server deployed outside of Azure, for example, "on-premises" or in other cloud platforms.

Note

An Azure VM is not expected to be an Azure Arc enabled server. The scenario below is unsupported and should only be used for demo and testing purposes.

Prerequisites

  1. Clone the Azure Arc Jumpstart repository.

    git clone https://github.com/microsoft/azure_arc.git
    
  2. Install or update Azure CLI to version 2.7 and above. Use the following command to check your current installed version.

    az --version
    
  3. Azure subscription: if you don't have an Azure subscription, you can create a free Azure account.

  4. Create an Azure service principal.

    In order for you to deploy the Azure resources using the ARM template, an Azure service principal assigned with the Contributor role is required. To create it, sign in to your Azure account and run the following command. You can also run this command in Azure Cloud Shell.

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor
    

    For example:

    az ad sp create-for-rbac -n "http://AzureArcServers" --role contributor
    

    Output should look like this:

    {
      "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "displayName": "AzureArcServers",
      "name": "http://AzureArcServers",
      "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    Note

    We highly recommend that you scope the service principal to a specific Azure subscription and resource group.
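One way to follow this recommendation, as an added example rather than a command from the original guide: create the resource group first, then create the service principal with Contributor limited to that group and list its role assignments to confirm. The resource group name, location and display name are placeholder values reused from this page's examples.

```powershell
# Added example: placeholder values, replace with your own.
$resourceGroup = 'Arc-Servers-Win-Demo'
$location      = 'East US'
$spName        = 'AzureArcServers'

az login
$subscriptionId = az account show --query id --output tsv

# A role can only be assigned on a scope that already exists.
az group create --name $resourceGroup --location $location `
    --tags 'Project=jumpstart_azure_arc_servers'

# Contributor on this one resource group instead of the whole subscription.
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup"
$sp = az ad sp create-for-rbac --name $spName --role Contributor --scopes $scope |
    ConvertFrom-Json

# Confirm what was granted: expect a single Contributor row on $scope.
az role assignment list --assignee $sp.appId --all `
    --query "[].{role:roleDefinitionName, scope:scope}" --output table
```

Piping the output to `ConvertFrom-Json` keeps the generated password in `$sp.password` instead of printing it to the console.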

Automation flow

To help you get familiar with the automation and deployment flow, below is an explanation.

  1. A user edits the ARM template parameters file (one time edit). These parameter values are used throughout the deployment.

  2. The ARM template includes an Azure VM custom script extension, which deploys the install_arc_agent.ps1 PowerShell script.

  3. In order to allow the Azure VM to successfully be projected as an Azure Arc enabled server, the script will:

    1. Set local OS environment variables.

    2. Generate a local OS sign-in script named LogonScript.ps1. This script will:

      • Create the LogonScript.log file.

      • Stop and disable the Windows Azure guest agent service.

      • Create a new Windows Firewall rule to block Azure IMDS outbound traffic to the 169.254.169.254 remote address.

      • Unregister the sign-in script Windows scheduled task so it won't run after first sign-in.

    3. Disable and prevent Windows Server Manager from running on startup.

  4. A user connects via RDP to the Windows VM, which starts running LogonScript.ps1 and onboards the VM to Azure Arc.
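The preparation steps listed for LogonScript.ps1, written out with a verification step, as an added example that is not the Jumpstart repository's own script and does not perform the Azure Arc onboarding itself. The service name `WindowsAzureGuestAgent` is the guest agent service on Azure Windows VMs; the firewall rule name, scheduled task name and log path are assumptions made for this sketch.

```powershell
# Added example. Run in an elevated PowerShell session on the demo VM.
$imdsAddress = '169.254.169.254'           # IMDS address from this guide
$ruleName    = 'BlockAzureIMDS'            # assumed rule name
$taskName    = 'LogonScript'               # assumed scheduled task name
$logFile     = 'C:\Temp\LogonScript.log'   # assumed log location

New-Item -ItemType Directory -Path (Split-Path $logFile) -Force | Out-Null
Start-Transcript -Path $logFile

# Stop and disable the Windows Azure guest agent service.
Set-Service -Name WindowsAzureGuestAgent -StartupType Disabled
Stop-Service -Name WindowsAzureGuestAgent -Force

# Block outbound traffic to IMDS; skip creation if the rule already exists.
if (-not (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $ruleName -DisplayName 'Block access to Azure IMDS' `
        -Enabled True -Profile Any -Direction Outbound -Action Block `
        -RemoteAddress $imdsAddress | Out-Null
}

# Remove the sign-in task so the script does not run again.
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue

# Verify the resulting state instead of assuming each step succeeded.
$agent  = Get-Service -Name WindowsAzureGuestAgent
$filter = Get-NetFirewallRule -Name $ruleName | Get-NetFirewallAddressFilter
$reachable = Test-NetConnection -ComputerName $imdsAddress -Port 80 `
    -InformationLevel Quiet -WarningAction SilentlyContinue

[pscustomobject]@{
    GuestAgentStatus    = $agent.Status
    GuestAgentStartType = $agent.StartType
    RuleRemoteAddress   = $filter.RemoteAddress
    ImdsReachable       = $reachable
}

Stop-Transcript
```

A correctly prepared VM reports the guest agent as stopped and disabled, the rule's remote address as 169.254.169.254, and `ImdsReachable` as false; any other result means the VM will still present itself as a native Azure VM.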

Deployment

As mentioned, this deployment will use ARM templates. You will deploy a single template, responsible for creating all the Azure resources in a single resource group and onboarding the created VM to Azure Arc.

  1. Before deploying the ARM template, sign in to Azure using Azure CLI with the az login command.

  2. The deployment uses the ARM template parameters file. Before initiating the deployment, edit the azuredeploy.parameters.json file located in your local cloned repository folder. An example parameters file is located here.

  3. To deploy the ARM template, navigate to the local cloned deployment folder and run the following command:

    az group create --name <Name of the Azure resource group> --location <Azure Region> --tags "Project=jumpstart_azure_arc_servers"
    az deployment group create \
    --resource-group <Name of the Azure resource group> \
    --name <The name of this deployment> \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_servers_jumpstart/azure/windows/arm_template/azuredeploy.json \
    --parameters <The `azuredeploy.parameters.json` parameters file location>
    

    Note

    Make sure that you are using the same Azure resource group name as the one you used in the azuredeploy.parameters.json file.

    For example:

    az group create --name Arc-Servers-Win-Demo --location "East US" --tags "Project=jumpstart_azure_arc_servers"
    az deployment group create \
    --resource-group Arc-Servers-Win-Demo \
    --name arcwinsrvdemo \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_servers_jumpstart/azure/windows/arm_template/azuredeploy.json \
    --parameters azuredeploy.parameters.json
    
  4. Once the Azure resources have been provisioned, you can see them in the Azure portal.

    Screenshot of the output from the ARM template.

    Screenshot of the resources in the resource group.

Windows sign-in and post-deployment

  1. Now that the Windows Server VM is created, the next step is connecting to it. Using its public IP address, RDP to the VM.

    Screenshot of the Azure VM public IP address.

  2. Upon first sign-in, as mentioned in the Automation flow section, a sign-in script will get executed. This script is created as part of the automated deployment process.

  3. Let the script run and do not close the PowerShell session. The session closes for you automatically once completed.

    Note

    The script run time is ~1-2 minutes long.

    Screenshot of the first type of script output.

    Screenshot of the second type of script output.

    Screenshot of the third type of script output.

    Screenshot of the fourth type of script output.

  4. Upon successful completion, a new Azure Arc enabled server will be added to the resource group.

Screenshot of the resource group with the Azure Arc enabled server.

Screenshot of the details of the Azure Arc enabled server.

Cleanup

To delete the entire deployment, delete the resource group from the Azure portal.

Screenshot of how to delete the resource group.