你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
用于 Azure 实验室服务的 Azure PowerShell 示例
本文包括 Azure 实验室服务的示例 Azure PowerShell 脚本。
注意
建议使用 Azure Az PowerShell 模块与 Azure 交互。 请参阅安装 Azure PowerShell 以开始使用。 若要了解如何迁移到 Az PowerShell 模块,请参阅 将 Azure PowerShell 从 AzureRM 迁移到 Az。
本示例需要 Azure PowerShell Az 1.0 或更高版本。 运行 Get-Module -ListAvailable Az
,查看已安装哪些版本。
如果需要安装,请参阅安装 Azure PowerShell 模块。
通过运行 Connect-AzAccount 登录到 Azure。
本文包括以下示例:
Script | 说明 |
---|---|
将外部用户添加到实验室 | 此 PowerShell 脚本将外部用户添加到 Azure 开发测试实验室中的实验室。 |
将市场映像添加到实验室 | 此 PowerShell 脚本将市场映像添加到 Azure 开发测试实验室中的实验室。 |
从虚拟硬盘 (VHD) 创建自定义映像 | 此 PowerShell 脚本在 Azure 开发测试实验室的实验室中创建自定义映像。 |
在实验室中创建自定义角色 | 此 PowerShell 脚本在 Azure 实验室服务的实验室中创建自定义角色。 |
在实验室中设置允许的虚拟机大小 | 此 PowerShell 脚本在实验室中设置允许的虚拟机大小。 |
先决条件
所有这些脚本都具有以下先决条件:
- 一个现有实验室。 如果没有,请按照此快速入门了解如何在 Azure 门户中创建实验室。
将外部用户添加到实验室
此示例 PowerShell 脚本将外部用户添加到 Azure 开发测试实验室中的实验室。
# Values to change
$subscriptionId = "<Enter Azure subscription ID here>"
$labResourceGroup = "<Enter lab's resource name here>"
$labName = "<Enter lab name here>"
$userDisplayName = "<Enter user's display name here>"
# Log into your Azure account
Login-AzAccount
# Select the Azure subscription that contains the lab.
# This step is optional if you have only one subscription.
Select-AzSubscription -SubscriptionId $subscriptionId
# Retrieve the user object
$adObject = Get-AzADUser -SearchString $userDisplayName
# Create the role assignment.
$labId = ('subscriptions/' + $subscriptionId + '/resourceGroups/' + $labResourceGroup + '/providers/Microsoft.DevTestLab/labs/' + $labName)
New-AzRoleAssignment -ObjectId $adObject.Id -RoleDefinitionName 'DevTest Labs User' -Scope $labId
此脚本使用以下命令:
命令 | 注释 |
---|---|
Get-AzADUser | 从 Microsoft Entra ID 重试用户对象。 |
New-AzRoleAssignment | 在指定范围内将指定的角色分配给指定的主体。 |
将市场映像添加到实验室
此示例 PowerShell 脚本将市场映像添加到 Azure 开发测试实验室中的实验室。
param
(
[Parameter(Mandatory=$true, HelpMessage="The name of the DevTest Lab to update")]
[string] $DevTestLabName,
[Parameter(Mandatory=$true, HelpMessage="The array of Marketplace Image names to enable")]
[Array] $ImagesToAdd
)
function Get-Lab
{
$lab = Get-AzResource -ResourceType 'Microsoft.DevTestLab/labs' -ResourceNameEquals $DevTestLabName
if(!$lab)
{
throw "Lab named $DevTestLabName was not found"
}
return $lab
}
function Get-PolicyChanges ($lab)
{
#start by finding the existing policy
$script:labResourceName = $lab.Name + '/default'
$existingPolicy = (Get-AzResource -ResourceType 'Microsoft.DevTestLab/labs/policySets/policies' -Name $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15) | Where-Object {$_.Name -eq 'GalleryImage'}
if($existingPolicy)
{
$existingImages = [Array] (ConvertFrom-Json $existingPolicy.Properties.threshold)
$savePolicyChanges = $false
}
else
{
$existingImages = @()
$savePolicyChanges = $true
}
if($existingPolicy.Properties.threshold -eq '[]')
{
Write-Output "Skipping $($lab.Name) because it currently allows all marketplace images"
return
}
$allAvailableImages = Get-AzResource -ResourceType Microsoft.DevTestLab/labs/galleryImages -Name $lab.Name -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2017-04-26-preview
$finalImages = $existingImages
# loop through the requested images and add them to the finalImages list if they arent already there
foreach($image in $ImagesToAdd)
{
$imageObject = $allAvailableImages | Where-Object {$_.Name -eq $image}
if(!$imageObject)
{
throw "Image $image is not available in the lab"
}
$addImage = $true
$parsedAvailableImage = $imageObject.Properties.imageReference
foreach($finalImage in $finalImages)
{
# determine whether or not the requested image is already allowed in this lab
$parsedFinalImg = ConvertFrom-Json $finalImage
if($parsedFinalImg.offer -eq $parsedAvailableImage.offer -and $parsedFinalImg.publisher -eq $parsedAvailableImage.publisher -and $parsedFinalImg.sku -eq $parsedAvailableImage.sku -and $parsedFinalImg.osType -eq $parsedAvailableImage.osType -and $parsedFinalImg.version -eq $parsedAvailableImage.version)
{
$addImage = $false
break
}
}
if($addImage)
{
Write-Output " Adding image $image to the lab"
$finalImages += ConvertTo-Json $parsedAvailableImage -Compress
$savePolicyChanges = $true
}
}
if(!$savePolicyChanges)
{
Write-Output "No policy changes required for allowed Marketplace Images in lab $($lab.Name)"
}
return @{
existingPolicy = $existingPolicy
savePolicyChanges = $savePolicyChanges
finalImages = $finalImages
}
}
function Set-PolicyChanges ($lab, $policyChanges)
{
if($policyChanges.savePolicyChanges)
{
$thresholdValue = '["'
for($i = 0; $i -lt $policyChanges.finalImages.Length; $i++)
{
$value = $policyChanges.finalImages[$i]
if($i -ne 0)
{
$thresholdValue = $thresholdValue + '","'
}
$thresholdValue = $thresholdValue + $value.Replace('"', '\"')
}
$thresholdValue = $thresholdValue + '"]'
$policyObj = @{
status = 'Enabled'
factName = 'GalleryImage'
threshold = $thresholdValue
evaluatorType = 'AllowedValuesPolicy'
}
$resourceType = "Microsoft.DevTestLab/labs/policySets/policies/galleryimage"
if($policyChanges.existingPolicy)
{
Write-Output "Updating $($lab.Name) Marketplace Images policy"
Set-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2017-04-26-preview -Properties $policyObj -Force
}
else
{
Write-Output "Creating $($lab.Name) Marketplace Images policy"
New-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2017-04-26-preview -Properties $policyObj -Force
}
}
}
$lab = Get-Lab
$policyChanges = Get-PolicyChanges $lab
Set-PolicyChanges $lab $policyChanges
此脚本使用以下命令:
命令 | 注释 |
---|---|
Get-AzResource | 获取资源。 |
Set-AzResource | 修改资源。 |
New-AzResource | 创建资源。 |
从 VHD 文件创建自定义映像
此示例 PowerShell 脚本从 Azure 实验室服务中的 VHD 文件创建自定义映像。
# Select the desired Azure subscription.
$subscriptionId = '<Specify your subscription ID here>'
Select-AzSubscription -SubscriptionId $subscriptionId
# Get the lab object.
$labRg = '<Specify your lab resource group name here>'
$labName = '<Specify your lab name here>'
$lab = Get-AzResource -ResourceId ('/subscriptions/' + $subscriptionId + '/resourceGroups/' + $labRg + '/providers/Microsoft.DevTestLab/labs/' + $labName)
# Get the lab storage account and lab storage account key values.
$labStorageAccount = Get-AzResource -ResourceId $lab.Properties.defaultStorageAccount
$labStorageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $labStorageAccount.ResourceGroupName -Name $labStorageAccount.ResourceName)[0].Value
# Set the URI of the VHD file.
$vhdUri = '<Specify the VHD URI here>'
# Set the custom image name and description values.
$customImageName = '<Specify the custom image name>'
$customImageDescription = '<Specify the custom image description>'
# Set up the parameters object.
$parameters = @{existingLabName="$($lab.Name)"; existingVhdUri=$vhdUri; imageOsType='windows'; isVhdSysPrepped=$false; imageName=$customImageName; imageDescription=$customImageDescription}
# Create the custom image.
New-AzResourceGroupDeployment -ResourceGroupName $lab.ResourceGroupName -Name CreateCustomImage -TemplateUri 'https://raw.githubusercontent.com/Azure/azure-devtestlab/master/Samples/201-dtl-create-customimage-from-vhd/azuredeploy.json' -TemplateParameterObject $parameters
此脚本使用以下命令:
命令 | 注释 |
---|---|
Get-AzResource | 获取资源。 |
Get-AzStorageAccountKey | 获取 Azure 存储帐户的访问密钥。 |
New-AzResourceGroupDeployment | 将 Azure 部署添加到资源组。 |
在实验室中创建自定义角色
此示例 PowerShell 脚本在 Azure 开发测试实验室的实验室中创建要使用的自定义角色。
$rgName = <Specify your lab's resource group name>
$subscriptionId = <Specify your subscription ID>
$labName = <Specify your lab name>
‘List all the operations/actions for a resource provider.
Get-AzProviderOperation -OperationSearchString "Microsoft.DevTestLab/*"
‘List actions in a particular role.
(Get-AzRoleDefinition "DevTest Labs User").Actions
‘Create custom role.
$policyRoleDef = (Get-AzRoleDefinition "DevTest Labs User")
$policyRoleDef.Id = $null
$policyRoleDef.Name = "Policy Contributor"
$policyRoleDef.IsCustom = $true
$policyRoleDef.AssignableScopes.Clear()
$policyRoleDef.AssignableScopes.Add("/subscriptions/" + $subscriptionId)
$policyRoleDef.Actions.Add("Microsoft.DevTestLab/labs/policySets/policies/*")
$policyRoleDef = (New-AzRoleDefinition -Role $policyRoleDef)
$user=Get-AzADUser -SearchString "SomeUser"
$scope = '/subscriptions/' + subscriptionId + '/resourceGroups/' + $rgName + '/providers/Microsoft.DevTestLab/labs/' + $labName + '/policySets/default/policies/AllowedVmSizesInLab'
New-AzRoleAssignment -ObjectId $user.ObjectId -RoleDefinitionName "Policy Contributor" -Scope $scope
此脚本使用以下命令:
命令 | 说明 |
---|---|
Get-AzProviderOperation | 使用 Azure 基于角色的访问控制获取作为安全对象的 Azure 资源提供程序的操作。 |
Get-AzRoleDefinition | 列出所有可用于分配的 Azure 角色。 |
New-AzRoleDefinition | 创建自定义角色。 |
设置允许的虚拟机大小
此示例 PowerShell 脚本在 Azure 实验室服务中设置允许的虚拟机大小。
param
(
[Parameter(Mandatory=$true, HelpMessage="The name of the DevTest Lab to update")]
[string] $DevTestLabName,
[Parameter(Mandatory=$true, HelpMessage="The array of VM Sizes to be added")]
[Array] $SizesToAdd
)
function Get-Lab
{
$lab = Find-AzResource -ResourceType 'Microsoft.DevTestLab/labs' -ResourceNameEquals $DevTestLabName
if(!$lab)
{
throw "Lab named $DevTestLabName was not found"
}
return $lab
}
function Get-PolicyChanges ($lab)
{
#start by finding the existing policy
$script:labResourceName = $lab.Name + '/default'
$existingPolicy = (Get-AzResource -ResourceType 'Microsoft.DevTestLab/labs/policySets/policies' -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15) | Where-Object {$_.Name -eq 'AllowedVmSizesInLab'}
if($existingPolicy)
{
$existingSizes = $existingPolicy.Properties.threshold
$savePolicyChanges = $false
}
else
{
$existingSizes = ''
$savePolicyChanges = $true
}
if($existingPolicy.Properties.threshold -eq '[]')
{
Write-Output "Skipping $($lab.Name) because it currently allows all sizes"
return
}
# Make a list of all the sizes. It needs all their current sizes as well as any from our list that arent already there
$finalVmSizes = $existingSizes.Replace('[', '').Replace(']', '').Split(',',[System.StringSplitOptions]::RemoveEmptyEntries)
foreach($vmSize in $SizesToAdd)
{
$quotedSize = '"' + $vmSize + '"'
if(!$finalVmSizes.Contains($quotedSize))
{
$finalVmSizes += $quotedSize
$savePolicyChanges = $true
}
}
if(!$savePolicyChanges)
{
Write-Output "No policy changes required for VMSize in lab $($lab.Name)"
}
return @{
existingPolicy = $existingPolicy
savePolicyChanges = $savePolicyChanges
finalVmSizes = $finalVmSizes
}
}
function Set-PolicyChanges ($lab, $policyChanges)
{
if($policyChanges.savePolicyChanges)
{
$thresholdValue = ('[' + [String]::Join(',', $policyChanges.finalVmSizes) + ']')
$policyObj = @{
subscriptionId = $lab.SubscriptionId
status = 'Enabled'
factName = 'LabVmSize'
resourceGroupName = $lab.ResourceGroupName
labName = $lab.Name
policySetName = 'default'
name = $lab.Name + '/default/allowedvmsizesinlab'
threshold = $thresholdValue
evaluatorType = 'AllowedValuesPolicy'
}
$resourceType = "Microsoft.DevTestLab/labs/policySets/policies/AllowedVmSizesInLab"
if($policyChanges.existingPolicy)
{
Write-Output "Updating $($lab.Name) VM Size policy"
Set-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15 -Properties $policyObj -Force
}
else
{
Write-Output "Creating $($lab.Name) VM Size policy"
New-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15 -Properties $policyObj -Force
}
}
}
$lab = Get-Lab
$policyChanges = Get-PolicyChanges $lab
Set-PolicyChanges $lab $policyChanges
命令 | 注释 |
---|---|
Get-AzResource | 获取资源。 |
Set-AzResource | 修改资源。 |
New-AzResource | 创建资源。 |
后续步骤
有关 Azure PowerShell 的详细信息,请参阅 Azure PowerShell 文档。
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈