Manage and deploy resources to Azure Stack Hub with Azure CLI

Applies to: Azure Stack Hub integrated systems

Follow the steps in this article to set up the Azure Command-Line Interface (CLI) to manage Azure Stack Hub resources from Linux, Mac, and Windows client platforms.

Prepare for Azure CLI

The virtual machine aliases endpoint provides an alias, like "UbuntuLTS" or "Win2012Datacenter." This alias references an image publisher, offer, SKU, and version as a single parameter when deploying VMs.

The following section describes how to set up the virtual machine aliases endpoint.

Set up the virtual machine aliases endpoint

You can set up a publicly accessible endpoint that hosts a VM alias file. The VM alias file is a JSON file that provides a common name for an image. You use the name as an Azure CLI parameter when you deploy a VM.

  1. If you publish a custom image, make note of the publisher, offer, SKU, and version information that you specified during publishing. If it's an image from the Marketplace, you can view the information by using the Get-AzureVMImage cmdlet.

  2. Download the sample file from GitHub.

  3. Create a storage account in Azure Stack Hub. When that's done, create a blob container. Set the access policy to "public."

  4. Upload the JSON file to the new container. When that's done, you can view the URL of the blob. Select the blob name and then select the URL from the blob properties.

Install or upgrade CLI

Sign in to your development workstation and install the CLI. Azure Stack Hub requires version 2.0 or later of Azure CLI. The latest version of the API Profiles requires a current version of the CLI. Install the CLI by following the steps described in the Install the Azure CLI article.

To verify whether the installation was successful, open a terminal or command prompt window and run the following command:

az --version

You should see the version of Azure CLI and other dependent libraries that are installed on your computer.

Azure CLI on Azure Stack Hub Python location

Windows/Linux (Azure AD)

This section walks you through setting up CLI if you're using Azure AD as your identity management service, and are using CLI on a Windows/Linux machine.

Connect to Azure Stack Hub

  1. Register your Azure Stack Hub environment by running the az cloud register command.

  2. Register your environment. Use the following parameters when running az cloud register:

    | Value | Example | Description |
    | Environment name | AzureStackUser | Use AzureStackUser for the user environment. If you're an operator, specify AzureStackAdmin. |
    | Resource Manager endpoint | https://management.local.azurestack.external | The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator. |
    | Storage endpoint | local.azurestack.external | For an integrated system, use an endpoint for your system. |
    | Keyvault suffix | .vault.local.azurestack.external | For an integrated system, use an endpoint for your system. |
    | VM image alias doc endpoint | https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json | URI of the document, which contains VM image aliases. For more info, see Set up the VM aliases endpoint. |

    az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
    
  3. Set the active environment by using the following command.

    az cloud set -n <environmentname>
    
  4. Update your environment configuration to use the Azure Stack Hub specific API version profile. To update the configuration, run the following command:

    az cloud update --profile 2019-03-01-hybrid
    
  5. Sign in to your Azure Stack Hub environment by using the az login command. Sign in to the Azure Stack Hub environment either as a user or as a service principal.

    • Sign in as a user:

      You can either specify the username and password directly within the az login command, or authenticate by using a browser. You must do the latter if your account has multi-factor authentication enabled:

      az login -u <Active directory global administrator or user account. For example: username@<aadtenant>.onmicrosoft.com> --tenant <Azure Active Directory Tenant name. For example: myazurestack.onmicrosoft.com>
      

      Note

      If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter. Running this command gives you a URL and a code that you must use to authenticate.

    • Sign in as a service principal:

      Before you sign in, create a service principal through the Azure portal or CLI and assign it a role. Now, sign in by using the following command:

      az login --tenant <Azure Active Directory Tenant name. For example: myazurestack.onmicrosoft.com> --service-principal -u <Application Id of the Service Principal> -p <Key generated for the Service Principal>
      

Test the connectivity

With everything set up, use CLI to create resources within Azure Stack Hub. For example, you can create a resource group for an app and add a VM. Use the following command to create a resource group named "MyResourceGroup":

az group create -n MyResourceGroup -l local

If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:

Resource group create output

Windows/Linux (AD FS)

This section walks you through setting up CLI if you're using Active Directory Federated Services (AD FS) as your identity management service, and are using CLI on a Windows/Linux machine.

Connect to Azure Stack Hub

  1. Register your Azure Stack Hub environment by running the az cloud register command.

  2. Register your environment. Use the following parameters when running az cloud register:

    | Value | Example | Description |
    | Environment name | AzureStackUser | Use AzureStackUser for the user environment. If you're an operator, specify AzureStackAdmin. |
    | Resource Manager endpoint | https://management.local.azurestack.external | The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator. |
    | Storage endpoint | local.azurestack.external | For an integrated system, use an endpoint for your system. |
    | Keyvault suffix | .vault.local.azurestack.external | For an integrated system, use an endpoint for your system. |
    | VM image alias doc endpoint | https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json | URI of the document, which contains VM image aliases. For more info, see Set up the VM aliases endpoint. |

    az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
    
  3. Set the active environment by using the following command.

    az cloud set -n <environmentname>
    
  4. Update your environment configuration to use the Azure Stack Hub specific API version profile. To update the configuration, run the following command:

    az cloud update --profile 2019-03-01-hybrid
    
  5. Sign in to your Azure Stack Hub environment by using the az login command. You can sign in to the Azure Stack Hub environment either as a user or as a service principal.

    • Sign in as a user:

      You can either specify the username and password directly within the az login command, or authenticate by using a browser. You must do the latter if your account has multi-factor authentication enabled:

      az cloud register  -n <environmentname>   --endpoint-resource-manager "https://management.local.azurestack.external"  --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>   --profile "2019-03-01-hybrid"
      

      Note

      If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter. Running this command gives you a URL and a code that you must use to authenticate.

    • Sign in as a service principal:

      Prepare the .pem file to be used for service principal login.

      On the client machine where the principal was created, export the service principal certificate as a pfx with the private key located at cert:\CurrentUser\My. The cert name has the same name as the principal.

      Convert the pfx to pem (use the OpenSSL utility).

      Sign in to the CLI:

      az login --service-principal \
      -u <Client ID from the Service Principal details> \
      -p <Certificate's fully qualified name, such as, C:\certs\spn.pem> \
      --tenant <Tenant ID> \
      --debug
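
Before the converted .pem file is passed to az login, it is worth checking what the conversion actually produced. The following Python check is an added example, not part of the original article or of Azure CLI. It assumes the PEM is expected to carry both the private key and the certificate, and it reports whether the key is stored unencrypted and whether the file is readable by other local accounts. The sample PEM text is constructed and its base64 bodies are placeholders.

```python
import os
import re
import stat

# PEM armor: a BEGIN line, a body, and the END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample in the shape of an OpenSSL pfx-to-pem export, including
# the "Bag Attributes" text between blocks. The bodies are placeholders.
SAMPLE_PEM = """Bag Attributes
    friendlyName: example-spn
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVIta2V5
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: example-spn
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItY2VydA==
-----END CERTIFICATE-----
"""


def inspect_pem_text(text):
    """Count the PEM blocks present and report whether a key is encrypted."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    keys = [(lbl, body) for lbl, body in blocks if lbl.endswith("PRIVATE KEY")]
    # PKCS#8 marks encryption in the label, legacy PEM in a Proc-Type header.
    encrypted = any(
        lbl.startswith("ENCRYPTED")
        or body.lstrip().startswith("Proc-Type: 4,ENCRYPTED")
        for lbl, body in keys)
    return {
        "certificates": sum(1 for lbl, _ in blocks if lbl == "CERTIFICATE"),
        "private_keys": len(keys),
        "key_encrypted": encrypted,
    }


def inspect_pem_file(path):
    """As inspect_pem_text, plus a POSIX check for group/other access bits."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        summary = inspect_pem_text(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    summary["loose_permissions"] = os.name == "posix" and bool(mode & 0o077)
    return summary
```

A file that reports zero private keys or zero certificates was not exported with the private key. A file with an unencrypted key and loose permissions should be restricted to the account that runs the CLI.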
      

Test the connectivity

With everything set up, use CLI to create resources within Azure Stack Hub. For example, you can create a resource group for an app and add a VM. Use the following command to create a resource group named "MyResourceGroup":

az group create -n MyResourceGroup -l local

If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:

Resource group create output

Known issues

There are known issues when using CLI in Azure Stack Hub:

  • The CLI interactive mode, for example the az interactive command, isn't yet supported in Azure Stack Hub.
  • To get the list of VM images available in Azure Stack Hub, use the az vm image list --all command instead of the az vm image list command. Specifying the --all option ensures that the response returns only the images that are available in your Azure Stack Hub environment.
  • VM image aliases that are available in Azure may not be applicable to Azure Stack Hub. When using VM images, you must use the entire URN parameter (Canonical:UbuntuServer:14.04.3-LTS:1.0.0) instead of the image alias. This URN must match the image specifications as derived from the az vm image list command.
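
Because an alias only stands in for a publisher, offer, SKU, and version, an alias file can be checked against the images the environment actually offers before it is published. The following Python sketch is an added example, not code from the original article. The alias document layout (outputs.aliases.value.<OS>.<alias>) is an assumption modeled on the aliases.json sample, and both JSON inputs are constructed sample data.

```python
import json

FIELDS = ("publisher", "offer", "sku", "version")
# Constructed alias document. Assumed layout (that of the aliases.json sample):
# outputs.aliases.value.<OS>.<alias> -> publisher / offer / sku / version.
ALIAS_DOC = json.loads("""
{"outputs": {"aliases": {"type": "object", "value": {
  "Linux": {
    "UbuntuLTS": {"publisher": "Canonical", "offer": "UbuntuServer",
                  "sku": "14.04.3-LTS", "version": "1.0.0"},
    "CentOS": {"publisher": "OpenLogic", "offer": "CentOS",
               "sku": "7.5", "version": "latest"}},
  "Windows": {
    "Win2012Datacenter": {"publisher": "MicrosoftWindowsServer",
                          "offer": "WindowsServer", "sku": "2012-Datacenter"}}
}}}}
""")

# Constructed sample shaped like the JSON printed by `az vm image list --all`.
STAMP_IMAGES = json.loads("""
[{"publisher": "Canonical", "offer": "UbuntuServer", "sku": "14.04.3-LTS",
  "version": "1.0.0", "urn": "Canonical:UbuntuServer:14.04.3-LTS:1.0.0"}]
""")


def check_aliases(alias_doc, images):
    """Map each alias to (status, detail): its URN, or what is missing."""
    available = {tuple(img[f].lower() for f in FIELDS) for img in images}
    report = {}
    for aliases in alias_doc["outputs"]["aliases"]["value"].values():
        for name, spec in aliases.items():
            missing = [f for f in FIELDS if not spec.get(f)]
            if missing:
                report[name] = ("invalid", "missing " + ",".join(missing))
                continue
            key = tuple(spec[f].lower() for f in FIELDS)
            if key[3] == "latest":
                # "latest" is satisfied by any version of the same image.
                hit = any(img[:3] == key[:3] for img in available)
            else:
                hit = key in available
            urn = ":".join(spec[f] for f in FIELDS)
            report[name] = ("available" if hit else "not-on-stamp", urn)
    return report


if __name__ == "__main__":
    for alias, (status, detail) in sorted(check_aliases(ALIAS_DOC, STAMP_IMAGES).items()):
        print(f"{alias:18} {status:13} {detail}")
```

Aliases reported as not-on-stamp or invalid are the ones that would fail at deployment time. For those, pass the full URN of an image that the environment lists.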

Next steps