将 VNet 注入预览工作区升级 到 GA Upgrade your VNet Injection preview workspace to GA

由于能够在自己的 Azure 虚拟网络中部署 Azure Databricks 工作区(有时称为_VNet 注入_),现已从预览版转换为公开上市,你应在2020年3月31日之前将预览工作区升级到 GA 版本。With the ability to deploy an Azure Databricks workspace in your own Azure Virtual Network (sometimes called VNet injection) now transitioned from preview to general availability, you should upgrade your preview workspace to the GA version by March 31, 2020. 升级失败将导致工作区功能丢失。Failure to upgrade will result in loss of workspace functionality. 2020年6月1日之后,将无法访问你的工作区。After June 1, 2020, you will not have any access to your workspace.

重要

如果你尚未将工作区升级到6月1日,将无法访问你的工作区。If you have not upgraded your workspace by June 1st, you will not have access to your workspace. 6月1日之后,请按照升级步骤操作,并打开支持票证,以重新获得对工作区的访问权限。After June 1st, follow the upgrade steps and then open a support ticket to regain access to your workspace.

在 VNet 注入的 GA 版本中,与预览版本不同,Azure Databricks 管理 Azure Databricks 部署所需的所有网络安全组(NSG)规则。In the GA version of VNet injection, unlike the preview version, Azure Databricks manages all network security group (NSG) rules that are required by the Azure Databricks deployment. 出于此原因,升级过程涉及将公共子网和专用子网委托给 Microsoft.Databricks/workspaces 服务,这允许 Azure Databricks 维护这些网络安全组规则。For this reason, the upgrade process involves delegating your public and private subnets to the Microsoft.Databricks/workspaces service, which allows Azure Databricks to maintain those network security group rules. 此委派不会授予 Azure Databricks 任何权限来更新你可以自行添加到子网的网络安全组规则。This delegation does not give Azure Databricks any rights to update network security group rules you may add to the subnets yourself.

此过程不会影响现有 Azure Databricks 群集或正在运行的作业,并且不会对 Azure Databricks 工作区做出任何可见的更改。This process will not interfere with your existing Azure Databricks clusters or running jobs, and will make no visible changes to your Azure Databricks workspace.

要求Requirements

您必须具有以下权限: Microsoft.Network/virtualNetworks/subnets/writeYou must have the following permission: Microsoft.Network/virtualNetworks/subnets/write. 默认情况下,拥有 "所有者" 或 "参与者" 角色的用户具有此权限。Users with the Owner or Contributor role have this permission by default. 若要了解如何分配此权限,请参阅权限To learn how to assign this permission, see Permissions.

使用 Azure CLI 升级Upgrade using Azure CLI

  1. 登录到 Azure CLI。Log in to the Azure CLI.

    az login
    
  2. 设置环境变量。Set environment variables.

    subscriptionId=<Your Subscription ID>
    vnetName=<Your Virtual Network’s Name>
    rgName=<Your Virtual Network’s Resource Group>
    publicSubnetName=<Name of Your Virtual Network’s Public Subnet>
    privateSubnetName=<Name of Your Virtual Network’s Private Subnet>
    delegation='Microsoft.Databricks/workspaces'
    
  3. 将公共子网委托给 Azure Databricks。Delegate the public subnet to Azure Databricks.

    az network vnet subnet update --subscription $subscriptionId --resource-group $rgName --vnet-name $vnetName --name $publicSubnetName --delegation $delegation
    
  4. 委托要 Azure Databricks 的专用子网。Delegate the private subnet to Azure Databricks.

    az network vnet subnet update --subscription $subscriptionId --resource-group $rgName --vnet-name $vnetName --name $privateSubnetName --delegation $delegation
    

使用 powershell 进行升级Upgrade using powershell

  1. 安装网络模块。Install the networking module.

    Install-Module -Name Az.Network -AllowClobber -Force
    
  2. 设置环境变量。Set environment variables.

    $subscriptionId = <Your Subscription ID>
    $vnetName = <Your Virtual Network Name>
    $rgname = <Your Virtual Network's Resource Group>
    $delegation = 'Microsoft.Databricks/workspaces'
    $publicSubnetName = <Name of Your Virtual Network’s Public Subnet>
    $privateSubnetName = <Name of Your Virtual Network’s Private Subnet>
    
  3. 在 shell 中设置订阅。Set the subscription in your shell.

    Select-AzSubscription -SubscriptionId $subscriptionId
    
  4. 检索虚拟网络和相应的子网。Retrieve your virtual network and corresponding subnets.

    $vNet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
    $publicSubnet = Get-AzVirtualNetworkSubnetConfig -name $publicSubnetName -VirtualNetwork $vNet
    $privateSubnet = Get-AzVirtualNetworkSubnetConfig -name $privateSubnetName -VirtualNetwork $vNet
    
  5. 创建一个要 Azure Databricks 的新委派。Create a new delegation to Azure Databricks.

    $delegation = New-AzDelegation -Name adbDelegation -ServiceName "Microsoft.Databricks/workspaces"
    
  6. 将公共子网和专用子网设置为新委托并更新虚拟网络。Set your public and private subnets to the new delegation and update the virtual network.

    Set-AzVirtualNetworkSubnetConfig -Name $publicSubnet.Name -VirtualNetwork $vNet -Delegation $delegation -AddressPrefix $publicSubnet.AddressPrefix
    
    Set-AzVirtualNetworkSubnetConfig -Name $privateSubnet.Name -VirtualNetwork $vNet -Delegation $delegation -AddressPrefix $privateSubnet.AddressPrefix
    
    Set-AzVirtualNetwork -VirtualNetwork $vNet
    

使用 Azure 门户进行升级Upgrade using the Azure portal

  1. 在 Azure 门户中,导航到部署了 Azure Databricks 工作区的虚拟网络。In the Azure portal, navigate to the virtual network where your Azure Databricks workspace is deployed. 请参阅查看虚拟网络和设置See View virtual networks and settings.

    虚拟网络设置Virtual network settings

  2. 在左侧菜单中,单击 "子网"。In the left menu, click Subnets. 你将看到显示的私有和公共子网信息。You’ll see your private and public subnet information displayed.

    子网Subnets

  3. 单击 "公共子网" 行,中转到 "子网委托" 下拉列表,然后选择 " Databricks"/"工作区" 服务。Click the public subnet row, go to the Subnet delegation dropdown, and select the Microsoft.Databricks/workspaces service.

    子网委派Subnet delegation

    有关子网委派的详细信息,请参阅添加或删除子网委派For more information about subnet delegation, see Add or remove a subnet delegation.

  4. 对专用子网重复子网委托。Repeat the subnet delegation for the private subnet.

  5. 保存所做更改。Save your changes.

使用 Azure 资源管理器模板进行升级Upgrade using Azure Resource Manager templates

重要

如果在预览期间使用 Azure 资源管理器(ARM)模板将 Azure Databricks 工作区部署到自己的虚拟网络,并且想要继续使用 Azure 资源管理器模板来创建虚拟网络并部署工作区,则应使用升级的 Azure 资源管理器模板If you used Azure Resource Manager (ARM) templates to deploy a Azure Databricks workspace to your own virtual network during the preview, and you want to continue to use Azure Resource Manager templates to create virtual networks and deploy workspaces, you should use the upgraded Azure Resource Manager templates. 请参阅配置虚拟网络See Configure the virtual network.

升级后的步骤Post-upgrade steps

完成子网委派后,Azure Databricks 将在24小时内完成工作区升级。Once you have completed the subnet delegation, Azure Databricks will complete your workspace upgrade within 24 hours. 升级完成后,应会在连接到公共子网和专用子网的网络安全组中看到一组新的网络安全规则When your upgrade is complete, you should see a new set of network security rules in the network security group attached to your public and private subnets. 其中每个规则名称都以前缀开头 Microsoft.Databricks-workspacesEach of these rule names starts with the prefix Microsoft.Databricks-workspaces. 不再需要以前缀开头的任何规则 databricks ,您应该使用以下过程删除这些规则:Any rules that begin with the prefix databricks are no longer necessary, and you should delete them using the following procedure:

  1. 在 Azure 门户中,导航到部署了 Azure Databricks 工作区的虚拟网络。In the Azure portal, navigate to the virtual network where your Azure Databricks workspace is deployed. 请参阅查看虚拟网络和设置See View virtual networks and settings.

    虚拟网络设置Virtual network settings

  2. 在左侧菜单中,单击 "子网",并复制专用子网和公共子网的网络安全组的名称。In the left menu, click Subnets, and copy the name of the network security group for both your private and public subnets.

    子网Subnets

  3. 将公共子网的网络安全组名称粘贴到搜索栏中,以打开 "网络安全组概述" 页。Paste the public subnet’s network security group name into the Search bar to open the Network security group Overview page.

  4. 在 "概述" 页上,查找以 "databricks" 开头的所有入站和出站规则,并将其删除。On the Overview page, find all inbound and outbound rules that start with “databricks” and delete them.

    网络安全组概述Network security group overview

  5. 对专用子网重复前面两个步骤。Repeat the previous two steps for the private subnet.