在 Azure Stack Hub 上安裝 Azure CLIInstall Azure CLI on Azure Stack Hub

您可以安裝 Azure CLI 來管理 Windows 或 Linux 機器的 Azure Stack Hub。You can install the Azure CLI to manage Azure Stack Hub with a Windows or Linux machines. 本文將逐步引導您完成安裝和設定 Azure CLI 的步驟。This article walks you through the steps of installing and setting up Azure CLI.

安裝 Azure CLIInstall Azure CLI

  1. 登入您的開發工作站並安裝 CLI。Sign in to your development workstation and install CLI. Azure Stack Hub 需要有 Azure CLI 2.0 版或更新版本。Azure Stack Hub requires version 2.0 or later of Azure CLI.

  2. 您可以使用安裝 Azure CLI 一文中所述的步驟來安裝 CLI。You can install the CLI by using the steps described in the Install the Azure CLI article.

  3. 若要確認安裝是否成功,請開啟終端機或命令提示字元視窗,並執行下列命令:To verify whether the installation was successful, open a terminal or command prompt window and run the following command:

    az --version
    

    您應該會看到 Azure CLI 的號碼和您電腦上安裝的其他相依程式庫。You should see the version of Azure CLI and other dependent libraries that are installed on your computer.

    Azure Stack Hub Python 上的 Azure CLI 位置

  4. 記下 CLI 的 Python 位置。Make a note of the CLI's Python location. 如果您正在執行 ASDK,則需要使用此位置來新增憑證。If you're running the ASDK, you need to use this location to add your certificate. 如需設定憑證以在 ASDK 上安裝 CLI 的指示,請參閱 Azure Stack 開發套件上的 Azure CLI 設定憑證For instructions on setting up certificates for installing the CLI on the ASDK, see Setting up certificates for Azure CLI on Azure Stack Development Kit.

使用 Azure CLI 連接Connect with Azure CLI

在您要使用 Azure AD 作為身分識別管理服務,並在 Windows 電腦上使用 CLI 的前提下,本節可逐步引導您設定 CLI。This section walks you through setting up CLI if you're using Azure AD as your identity management service, and are using CLI on a Windows machine.

連線至 Azure Stack HubConnect to Azure Stack Hub

  1. 如果您使用的是 ASDK,請信任 Azure Stack Hub CA 根憑證。If you are using the ASDK, trust the Azure Stack Hub CA root certificate. 如需指示,請參閱 信任憑證For instruction, see Trust the certificate.

  2. 執行 az cloud register 命令來註冊 Azure Stack Hub 環境。Register your Azure Stack Hub environment by running the az cloud register command.

  3. 註冊您的環境。Register your environment. 在執行 az cloud register 時使用下列參數:Use the following parameters when running az cloud register:

    Value 範例Example 描述Description
    環境名稱Environment name AzureStackUserAzureStackUser 若為使用者環境,請使用 AzureStackUserUse AzureStackUser for the user environment. 如果您是操作員,請指定 AzureStackAdminIf you're operator, specify AzureStackAdmin.
    Resource Manager 端點Resource Manager endpoint https://management.contoso.onmicrosoft.com ASDK 中的 ResourceManagerUrl 是: https://management.local.azurestack.external/ 整合系統中的 ResourceManagerUrl 是: https://management.<region>.<fqdn>/ 如果您有關于整合系統端點的問題,請洽詢您的雲端操作員。The ResourceManagerUrl in the ASDK is: https://management.local.azurestack.external/ The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
    儲存體端點Storage endpoint local.contoso.onmicrosoft.comlocal.contoso.onmicrosoft.com local.azurestack.external 適用於 ASDK。local.azurestack.external is for the ASDK. 若為整合系統,請使用您系統的端點。For an integrated system, use an endpoint for your system.
    Keyvault 尾碼Keyvault suffix . vault.contoso.onmicrosoft.com.vault.contoso.onmicrosoft.com .vault.local.azurestack.external 適用於 ASDK。.vault.local.azurestack.external is for the ASDK. 若為整合系統,請使用您系統的端點。For an integrated system, use an endpoint for your system.
    端點 active directory graph 資源識別碼Endpoint active directory graph resource ID https://graph.windows.net/ Active Directory 資源識別碼。The Active Directory resource ID.
    az cloud register `
        -n <environmentname> `
        --endpoint-resource-manager "https://management.<region>.<fqdn>" `
        --suffix-storage-endpoint "<fqdn>" `
        --suffix-keyvault-dns ".vault.<fqdn>" `
        --endpoint-active-directory-graph-resource-id "https://graph.windows.net/"
    

    您可以在 Azure CLI 參考檔中找到 register 命令 的參考。You can find a reference for the register command in the Azure CLI reference documentation.

  4. 使用下列命令來設定作用中環境。Set the active environment by using the following commands.

    az cloud set -n <environmentname>
    
  5. 將您的環境組態更新成使用 Azure Stack Hub 特定的 API 版本設定檔。Update your environment configuration to use the Azure Stack Hub specific API version profile. 若要更新組態,請執行下列命令:To update the configuration, run the following command:

    az cloud update --profile 2019-03-01-hybrid
    
  6. 使用 az login 命令來登入 Azure Stack Hub 環境。Sign in to your Azure Stack Hub environment by using the az login command.

    您可以使用您的使用者認證登入 Azure Stack Hub 環境,或使用雲端操作員提供給您的 服務主體 (SPN) 。You can sign in to the Azure Stack Hub environment using your user credentials, or with a service principal (SPN) provided to you by your cloud operator.

    • 使用者 的身份登入:Sign in as a user:

      您可以直接在 az login 命令內指定使用者名稱和密碼,或使用瀏覽器進行驗證。You can either specify the username and password directly within the az login command, or authenticate by using a browser. 如果您的帳戶已啟用多重要素驗證,則必須採用後者方式:You must do the latter if your account has multi-factor authentication enabled:

      az login -u "user@contoso.onmicrosoft.com" -p 'Password123!' --tenant contoso.onmicrosoft.com
      

      注意

      如果您的使用者帳戶已啟用多重要素驗證,請使用 az login 命令,而不需提供 -u 參數。If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter. 執行此命令可提供您一個 URL 以及必須用來進行驗證的代碼。Running this command gives you a URL and a code that you must use to authenticate.

    • 使用 服務主體 來登入:Sign in as a service principal:

      在登入之前,請透過 Azure 入口網站或 CLI 建立服務主體,並為它指派角色。Before you sign in, create a service principal through the Azure portal or CLI and assign it a role. 現在,請使用下列命令登入:Now, sign in by using the following command:

      az login `
        --tenant <Azure Active Directory Tenant name. `
                  For example: myazurestack.onmicrosoft.com> `
      --service-principal `
        -u <Application Id of the Service Principal> `
        -p <Key generated for the Service Principal>
      
  7. 確認您的環境已正確設定,而且您的環境是主動雲端。Verify that your environment is set correctly and that your environment is the active cloud.

        az cloud list --output table
    

您應該會看到已列出您的環境,且 IsActivetrueYou should see that your environment is listed and IsActive is true. 例如:For example:

IsActive    Name               Profile
----------  -----------------  -----------------
False       AzureCloud         2019-03-01-hybrid
False       AzureChinaCloud    latest
False       AzureUSGovernment  latest
False       AzureGermanCloud   latest
True        AzureStackUser     2019-03-01-hybrid

測試連線Test the connectivity

一切都已準備就緒後,請使用 CLI 在 Azure Stack Hub 中建立資源。With everything set up, use CLI to create resources within Azure Stack Hub. 例如,您可以建立應用程式的資源群組並新增 VM。For example, you can create a resource group for an app and add a VM. 若要建立名為 "MyResourceGroup" 的資源群組,請使用下列命令:Use the following command to create a resource group named "MyResourceGroup":

az group create -n MyResourceGroup -l local

如果資源群組成功建立,先前的命令會輸出新建立資源的下列內容:If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:

資源群組建立輸出

後續步驟Next steps