您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

适用于 Windows 的虚拟机扩展和功能Virtual machine extensions and features for Windows

Azure 虚拟机扩展是小型应用程序,可在Azure 虚拟机上提供部署后配置和自动化任务。Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. 例如,如果虚拟机要求安装软件、防病毒保护或 Docker 配置,便可以使用 VM 扩展来完成这些任务。For example, if a virtual machine requires software installation, anti-virus protection, or Docker configuration, a VM extension can be used to complete these tasks. 可以使用 Azure CLI、PowerShell、Azure 资源管理器模板和 Azure 门户运行 Azure VM 扩展。Azure VM extensions can be run by using the Azure CLI, PowerShell, Azure Resource Manager templates, and the Azure portal. 扩展可与新虚拟机部署捆绑在一起,也可以针对任何现有系统运行。Extensions can be bundled with a new virtual machine deployment or run against any existing system.

本文档提供了虚拟机扩展的概述、使用虚拟机扩展的先决条件,以及有关如何检测、管理和删除虚拟机扩展的指南。This document provides an overview of virtual machine extensions, prerequisites for using virtual machine extensions, and guidance on how to detect, manage, and remove virtual machine extensions. 本文档提供的是通用信息,因为有许多 VM 扩展可用,每个扩展可能具有独特的配置。This document provides generalized information because many VM extensions are available, each with a potentially unique configuration. 可以在各个扩展特定的各个文档中找到扩展特定的详细信息。Extension-specific details can be found in each document specific to the individual extension.

用例和示例Use cases and samples

有许多不同的 Azure VM 扩展可用,每个都有特定用例。There are many different Azure VM extensions available, each with a specific use case. 一些示例用例包括:Some example use cases are:

除了进程特定的扩展外,“自定义脚本”扩展也可用于 Windows 和 Linux 虚拟机。In addition to process-specific extensions, a Custom Script extension is available for both Windows and Linux virtual machines. 适用于 Windows 的自定义脚本扩展允许在虚拟机上运行任何 PowerShell 脚本。The Custom Script extension for Windows allows any PowerShell script to be run on a virtual machine. 在设计需要本机 Azure 工具无法提供的配置的 Azure 部署时,这很有用。This is useful when you're designing Azure deployments that require configuration beyond what native Azure tooling can provide. 有关详细信息,请参阅 Windows VM 自定义脚本扩展For more information, see Windows VM Custom Script extension.

先决条件Prerequisites

每个虚拟机扩展可能都有其自己的一组先决条件。Each virtual machine extension may have its own set of prerequisites. 例如,Docker VM 扩展有支持的 Linux 分发的先决条件。For instance, the Docker VM extension has a prerequisite of a supported Linux distribution. 特定于扩展的文档中详细介绍了各个扩展的要求。Requirements of individual extensions are detailed in the extension-specific documentation.

Azure VM 代理Azure VM agent

Azure VM 代理可管理 Azure 虚拟机与 Azure 结构控制器之间的交互。The Azure VM agent manages interaction between an Azure virtual machine and the Azure fabric controller. VM 代理负责部署和管理 Azure 虚拟机的许多功能层面,包括运行 VM 扩展。The VM agent is responsible for many functional aspects of deploying and managing Azure virtual machines, including running VM extensions. Azure VM 代理预先安装在 Azure Marketplace 映像上,并可安装在受支持的操作系统上。The Azure VM agent is preinstalled on Azure Marketplace images and can be installed on supported operating systems.

有关受支持的操作系统以及安装说明的信息,请参阅 Azure virtual machine agent(Azure 虚拟机代理)。For information on supported operating systems and installation instructions, see Azure virtual machine agent.

发现 VM 扩展Discover VM extensions

有许多不同的 VM 扩展可与 Azure 虚拟机配合使用。Many different VM extensions are available for use with Azure virtual machines. 若要查看完整列表,请使用 Azure 资源管理器 PowerShell 模块运行以下命令。To see a complete list, run the following command with the Azure Resource Manager PowerShell module. 在运行此命令时,请确保指定所需的位置。Make sure to specify the desired location when you're running this command.

Get-AzureRmVmImagePublisher -Location WestUS | `
Get-AzureRmVMExtensionImageType | `
Get-AzureRmVMExtensionImage | Select Type, Version

运行 VM 扩展Run VM extensions

Azure 虚拟机扩展可以在现有虚拟机上运行,当需要在已部署的 VM 上进行配置更改或恢复连接时,这很有用。Azure virtual machine extensions can be run on existing virtual machines, which is useful when you need to make configuration changes or recover connectivity on an already deployed VM. VM 扩展还可以与 Azure 资源管理器模板部署捆绑。VM extensions can also be bundled with Azure Resource Manager template deployments. 可以将扩展与 Resource Manager 模板配合使用来部署并配置 Azure 虚拟机,在部署后无需干预。By using extensions with Resource Manager templates, you can enable Azure virtual machines to be deployed and configured without the need for post-deployment intervention.

可使用以下方法针对现有虚拟机运行扩展。The following methods can be used to run an extension against an existing virtual machine.

PowerShellPowerShell

存在多个用于运行单个扩展的 PowerShell 命令。Several PowerShell commands exist for running individual extensions. 若要查看列表,请运行以下 PowerShell 命令。To see a list, run the following PowerShell commands.

get-command Set-AzureRM*Extension* -Module AzureRM.Compute

这会提供类似以下内容的输出:This provides output similar to the following:

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Cmdlet          Set-AzureRmVMAccessExtension                       2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMADDomainExtension                     2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMAEMExtension                          2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMBackupExtension                       2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMBginfoExtension                       2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMChefExtension                         2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMCustomScriptExtension                 2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMDiagnosticsExtension                  2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMDiskEncryptionExtension               2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMDscExtension                          2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMExtension                             2.2.0      AzureRM.Compute
Cmdlet          Set-AzureRmVMSqlServerExtension                    2.2.0      AzureRM.Compute

以下示例使用自定义脚本扩展从 GitHub 存储库将脚本下载到目标虚拟机上,然后运行该脚本。The following example uses the Custom Script extension to download a script from a GitHub repository onto the target virtual machine and then run the script. 有关 VM 访问扩展的详细信息,请参阅自定义脚本扩展概述For more information on the Custom Script extension, see Custom Script extension overview.

Set-AzureRmVMCustomScriptExtension -ResourceGroupName "myResourceGroup" `
    -VMName "myVM" -Name "myCustomScript" `
    -FileUri "https://raw.githubusercontent.com/neilpeterson/nepeters-azure-templates/master/windows-custom-script-simple/support-scripts/Create-File.ps1" `
    -Run "Create-File.ps1" -Location "West US"

在此示例中,VM 访问扩展用于重置 Windows 虚拟机的管理密码。In this example, the VM Access extension is used to reset the administrative password of a Windows virtual machine. 有关 VM 访问扩展的详细信息,请参阅重置 Windows VM 中的远程桌面服务For more information on the VM Access extension, see Reset Remote Desktop service in a Windows VM.

$cred=Get-Credential

Set-AzureRmVMAccessExtension -ResourceGroupName "myResourceGroup" -VMName "myVM" -Name "myVMAccess" `
    -Location WestUS -UserName $cred.GetNetworkCredential().Username `
    -Password $cred.GetNetworkCredential().Password -typeHandlerVersion "2.0"

可以使用 Set-AzureRmVMExtension 命令来启动任何 VM 扩展。The Set-AzureRmVMExtension command can be used to start any VM extension. 有关详细信息,请参阅 Set-AzureRmVMExtension 参考For more information, see the Set-AzureRmVMExtension reference.

Azure 门户Azure portal

可通过 Azure 门户将 VM 扩展应用到现有虚拟机。A VM extension can be applied to an existing virtual machine through the Azure portal. 为此,请选择要使用的虚拟机,选择“扩展”,并单击“添加”。To do so, select the virtual machine you want to use, choose Extensions, and click Add. 这会提供可用扩展的列表。This provides a list of available extensions. 选择所需的扩展并按照向导中的步骤进行操作。Select the one you want and follow the steps in the wizard.

下图显示了从 Azure 门户安装 Microsoft 反恶意软件扩展。The following image shows the installation of the Microsoft Antimalware extension from the Azure portal.

安装反恶意软件扩展

Azure 资源管理器模板Azure Resource Manager templates

VM 扩展可添加到 Azure 资源管理器模板,并在部署模板的过程中执行。VM extensions can be added to an Azure Resource Manager template and executed with the deployment of the template. 使用模板部署扩展对于创建完全配置的 Azure 部署很有用。Deploying extensions with a template is useful for creating fully configured Azure deployments. 例如,以下 JSON 取自一个 Resource Manager 模板,该模板会在每个 VM 上部署一组负载均衡的虚拟机、一个 Azure SQL 数据库,然后安装一个 .NET Core 应用程序。For example, the following JSON is taken from a Resource Manager template that deploys a set of load-balanced virtual machines and an Azure SQL database, and then installs a .NET Core application on each VM. VM 扩展负责安装软件。The VM extension takes care of the software installation.

有关详细信息,请参阅完整的 Resource Manager 模板For more information, see the full Resource Manager template.

{
    "apiVersion": "2015-06-15",
    "type": "extensions",
    "name": "config-app",
    "location": "[resourceGroup().location]",
    "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'),copyindex())]",
    "[variables('musicstoresqlName')]"
    ],
    "tags": {
    "displayName": "config-app"
    },
    "properties": {
    "publisher": "Microsoft.Compute",
    "type": "CustomScriptExtension",
    "typeHandlerVersion": "1.4",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-windows/scripts/configure-music-app.ps1"
        ]
    },
    "protectedSettings": {
        "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File configure-music-app.ps1 -user ',parameters('adminUsername'),' -password ',parameters('adminPassword'),' -sqlserver ',variables('musicstoresqlName'),'.database.windows.net')]"
    }
    }
}

有关详细信息,请参阅使用 Windows VM 扩展创作 Azure 资源管理器模板For more information, see Authoring Azure Resource Manager templates with Windows VM extensions.

保护 VM 扩展数据Secure VM extension data

运行 VM 扩展时,可能需要包括敏感信息,例如凭据、存储帐户名称和存储帐户访问密钥。When you're running a VM extension, it may be necessary to include sensitive information such as credentials, storage account names, and storage account access keys. 许多 VM 扩展包括受保护的配置,该配置对数据进行加密并且仅在目标虚拟机内才对数据进行解密。Many VM extensions include a protected configuration that encrypts data and only decrypts it inside the target virtual machine. 每个扩展都有一个特定的受保护的配置架构,扩展特定的文档中详述了各个架构。Each extension has a specific protected configuration schema that will be detailed in extension-specific documentation.

以下示例显示了适用于 Windows 的自定义脚本扩展的一个实例。The following example shows an instance of the Custom Script extension for Windows. 请注意,要执行的命令包含一组凭据。Notice that the command to execute includes a set of credentials. 在此示例中,不会加密要执行的命令。In this example, the command to execute will not be encrypted.

{
    "apiVersion": "2015-06-15",
    "type": "extensions",
    "name": "config-app",
    "location": "[resourceGroup().location]",
    "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'),copyindex())]",
    "[variables('musicstoresqlName')]"
    ],
    "tags": {
    "displayName": "config-app"
    },
    "properties": {
    "publisher": "Microsoft.Compute",
    "type": "CustomScriptExtension",
    "typeHandlerVersion": "1.4",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-windows/scripts/configure-music-app.ps1"
        ],
        "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File configure-music-app.ps1 -user ',parameters('adminUsername'),' -password ',parameters('adminPassword'),' -sqlserver ',variables('musicstoresqlName'),'.database.windows.net')]"
    }
    }
}

要执行的命令属性移动到受保护的配置以保护执行字符串。Secure the execution string by moving the command to execute property to the protected configuration.

{
    "apiVersion": "2015-06-15",
    "type": "extensions",
    "name": "config-app",
    "location": "[resourceGroup().location]",
    "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'),copyindex())]",
    "[variables('musicstoresqlName')]"
    ],
    "tags": {
    "displayName": "config-app"
    },
    "properties": {
    "publisher": "Microsoft.Compute",
    "type": "CustomScriptExtension",
    "typeHandlerVersion": "1.4",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "fileUris": [
        "https://raw.githubusercontent.com/Microsoft/dotnet-core-sample-templates/master/dotnet-core-music-windows/scripts/configure-music-app.ps1"
        ]
    },
    "protectedSettings": {
        "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File configure-music-app.ps1 -user ',parameters('adminUsername'),' -password ',parameters('adminPassword'),' -sqlserver ',variables('musicstoresqlName'),'.database.windows.net')]"
    }
    }
}

排查 VM 扩展的问题Troubleshoot VM extensions

每个 VM 扩展可能都有特定的故障排除步骤。Each VM extension may have specific troubleshooting steps. 例如,使用自定义脚本扩展时,可在运行该扩展的本地虚拟机上找到脚本执行详细信息。For instance, when you're using the Custom Script extension, script execution details can be found locally on the virtual machine on which the extension was run. 任何特定于扩展的故障排除步骤均在特定于扩展的文档中详细说明。Any extension-specific troubleshooting steps are detailed in extension-specific documentation.

以下故障排除步骤适用于所有虚拟机扩展。The following troubleshooting steps apply to all virtual machine extensions.

查看扩展状态View extension status

针对虚拟机运行虚拟机扩展后,使用以下 PowerShell 命令返回扩展状态。After a virtual machine extension has been run against a virtual machine, use the following PowerShell command to return extension status. 请将示例参数名称替换成自己的值。Replace example parameter names with your own values. Name 参数采用执行时提供给扩展的名称。The Name parameter takes the name given to the extension at execution time.

Get-AzureRmVMExtension -ResourceGroupName myResourceGroup -VMName myVM -Name myExtensionName

输出如下所示:The output looks like the following:

ResourceGroupName       : myResourceGroup
VMName                  : myVM
Name                    : myExtensionName
Location                : westus
Etag                    : null
Publisher               : Microsoft.Azure.Extensions
ExtensionType           : DockerExtension
TypeHandlerVersion      : 1.0
Id                      : /subscriptions/mySubscriptionIS/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM/extensions/myExtensionName
PublicSettings          :
ProtectedSettings       :
ProvisioningState       : Succeeded
Statuses                :
SubStatuses             :
AutoUpgradeMinorVersion : False
ForceUpdateTag          :

此外,还可以在 Azure 门户中找到扩展执行状态。Extension execution status can also be found in the Azure portal. 要查看扩展的状态,请选择虚拟机,选择“扩展”,并选择所需的扩展。To view the status of an extension, select the virtual machine, choose Extensions, and select the desired extension.

重新运行 VM 扩展Rerun VM extensions

在某些情况下,可能需要重新运行虚拟机扩展。There may be cases in which a virtual machine extension needs to be rerun. 这可以通过删除扩展,并使用所选执行方法重新运行扩展来实现。You can do this by removing the extension and then rerunning the extension with an execution method of your choice. 若要删除扩展,请使用 Azure PowerShell 模块运行以下命令。To remove an extension, run the following command with the Azure PowerShell module. 请将示例参数名称替换成自己的值。Replace example parameter names with your own values.

Remove-AzureRmVMExtension -ResourceGroupName myResourceGroup -VMName myVM -Name myExtensionName

此外,还可以使用 Azure 门户来删除扩展。An extension can also be removed using the Azure portal. 为此,请执行以下操作:To do so:

  1. 选择一个虚拟机。Select a virtual machine.
  2. 选择“扩展”。Select Extensions.
  3. 选择所需的扩展。Choose the desired extension.
  4. 选择“卸载”。Select Uninstall.

常见 VM 扩展参考Common VM extensions reference

扩展名称Extension name 说明Description 详细信息More information
适用于 Windows 的自定义脚本扩展Custom Script Extension for Windows 针对 Azure 虚拟机运行脚本Run scripts against an Azure virtual machine 适用于 Windows 的自定义脚本扩展Custom Script Extension for Windows
适用于 Windows 的 DSC 扩展DSC Extension for Windows PowerShell DSC(所需状态配置)扩展PowerShell DSC (Desired State Configuration) Extension 适用于 Windows 的 DSC 扩展DSC Extension for Windows
Azure 诊断扩展Azure Diagnostics Extension 管理 Azure 诊断Manage Azure Diagnostics Azure 诊断扩展Azure Diagnostics Extension
Azure VM 访问扩展Azure VM Access Extension 管理用户和凭据Manage users and credentials 适用于 Linux 的 VM 访问扩展VM Access Extension for Linux