使用 PowerShell 建立受控執行個體
適用於:
Azure SQL 受控執行個體
此 PowerShell 指令碼範例會在新的虛擬網路內的專用子網路中建立受控執行個體。 其也會設定虛擬網路的路由表與網路安全性群組。 一旦成功執行指令碼,便可從虛擬網路內或從內部部署環境存取受控執行個體。 請參閱設定 Azure VM 以連線到 Azure SQL Database 受控執行個體與設定從內部部署連線至 Azure SQL 受控執行個體的點對站連線。
使用 Azure Cloud Shell
Azure Cloud Shell 是裝載於 Azure 中的互動式殼層環境,可在瀏覽器中使用。 您可以使用 Bash 或 PowerShell 搭配 Cloud Shell,與 Azure 服務共同使用。 您可以使用 Cloud Shell 預先安裝的命令,執行本文提到的程式碼,而不必在本機環境上安裝任何工具。
要啟動 Azure Cloud Shell:
| 選項 | 範例/連結 |
|---|---|
| 選取程式碼區塊右上角的 [試試看]。 選取 [試用] 並不會自動將程式碼複製到 Cloud Shell 中。 |  |
| 請前往 https://shell.azure.com,或選取 [啟動 Cloud Shell] 按鈕,在瀏覽器中開啟 Cloud Shell。 |  |
| 選取 Azure 入口網站右上方功能表列上的 [Cloud Shell] 按鈕。 |  |
若要在 Azure Cloud Shell 中執行本文中的程式碼:
啟動 Cloud Shell。
選取程式碼區塊上的 [複製] 按鈕,複製程式碼。
透過在 Windows 和 Linux 上選取 Ctrl+Shift+V;或在 macOS 上選取 Cmd+Shift+V,將程式碼貼到 Cloud Shell 工作階段中。
選取 Enter 鍵執行程式碼。
如果選擇在本機安裝並使用 PowerShell,此教學課程需要 Azure PowerShell 1.4.0 或更新版本。 如果您需要升級,請參閱安裝 Azure PowerShell 模組。 如果您在本機執行 PowerShell,則也需要執行 Connect-AzAccount 以建立與 Azure 的連線。
範例指令碼
# <SetVariables>
$NSnetworkModels = "Microsoft.Azure.Commands.Network.Models"
$NScollections = "System.Collections.Generic"
Connect-AzAccount
# The SubscriptionId in which to create these objects
$SubscriptionId = ''
# Set the resource group name and location for your managed instance
$resourceGroupName = "myResourceGroup-$(Get-Random)"
$location = "eastus2"
# Set the networking values for your managed instance
$vNetName = "myVnet-$(Get-Random)"
$vNetAddressPrefix = "10.0.0.0/16"
$defaultSubnetName = "myDefaultSubnet-$(Get-Random)"
$defaultSubnetAddressPrefix = "10.0.0.0/24"
$miSubnetName = "MISubnet-$(Get-Random)"
$miSubnetAddressPrefix = "10.0.0.0/24"
#Set the managed instance name for the new managed instance
$instanceName = "mi-name-$(Get-Random)"
# Set the admin login and password for your managed instance
$miAdminSqlLogin = "SqlAdmin"
$miAdminSqlPassword = "ChangeThisPassword!!"
# Set the managed instance service tier, compute level, and license mode
$edition = "General Purpose"
$vCores = 8
$maxStorage = 256
$computeGeneration = "Gen5"
$license = "LicenseIncluded" #"BasePrice" or LicenseIncluded if you have don't have SQL Server licence that can be used for AHB discount
$dbname = 'SampleDB'
# </SetVariables>
# <CreateResourceGroup>
# Set subscription context
$subscriptionContextParams = @{
SubscriptionId = $SubscriptionId
}
Set-AzContext @subscriptionContextParams
# Create a resource group
$resourceGroupParams = @{
Name = $resourceGroupName
Location = $location
Tag = @{Owner="SQLDB-Samples"}
}
$resourceGroup = New-AzResourceGroup @resourceGroupParams
# </CreateResourceGroup>
# <CreateVirtualNetwork>
# Configure virtual network, subnets, network security group, and routing table
$networkSecurityGroupParams = @{
Name = 'myNetworkSecurityGroupMiManagementService'
ResourceGroupName = $resourceGroupName
Location = $location
}
$networkSecurityGroupMiManagementService = New-AzNetworkSecurityGroup @networkSecurityGroupParams
$routeTableParams = @{
Name = 'myRouteTableMiManagementService'
ResourceGroupName = $resourceGroupName
Location = $location
}
$routeTableMiManagementService = New-AzRouteTable @routeTableParams
$virtualNetworkParams = @{
ResourceGroupName = $resourceGroupName
Location = $location
Name = $vNetName
AddressPrefix = $vNetAddressPrefix
}
$virtualNetwork = New-AzVirtualNetwork @virtualNetworkParams
$subnetConfigParams = @{
Name = $miSubnetName
VirtualNetwork = $virtualNetwork
AddressPrefix = $miSubnetAddressPrefix
NetworkSecurityGroup = $networkSecurityGroupMiManagementService
RouteTable = $routeTableMiManagementService
}
$subnetConfig = Add-AzVirtualNetworkSubnetConfig @subnetConfigParams | Set-AzVirtualNetwork
$virtualNetwork = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $resourceGroupName
$subnet= $virtualNetwork.Subnets[0]
# Create a delegation
$subnet.Delegations = New-Object "$NScollections.List``1[$NSnetworkModels.PSDelegation]"
$delegationName = "dgManagedInstance" + (Get-Random -Maximum 1000)
$delegationParams = @{
Name = $delegationName
ServiceName = "Microsoft.Sql/managedInstances"
}
$delegation = New-AzDelegation @delegationParams
$subnet.Delegations.Add($delegation)
Set-AzVirtualNetwork -VirtualNetwork $virtualNetwork
$miSubnetConfigId = $subnet.Id
$allowParameters = @{
Access = 'Allow'
Protocol = 'Tcp'
Direction= 'Inbound'
SourcePortRange = '*'
SourceAddressPrefix = 'VirtualNetwork'
DestinationAddressPrefix = '*'
}
$denyInParameters = @{
Access = 'Deny'
Protocol = '*'
Direction = 'Inbound'
SourcePortRange = '*'
SourceAddressPrefix = '*'
DestinationPortRange = '*'
DestinationAddressPrefix = '*'
}
$denyOutParameters = @{
Access = 'Deny'
Protocol = '*'
Direction = 'Outbound'
SourcePortRange = '*'
SourceAddressPrefix = '*'
DestinationPortRange = '*'
DestinationAddressPrefix = '*'
}
$networkSecurityGroupParams = @{
ResourceGroupName = $resourceGroupName
Name = "myNetworkSecurityGroupMiManagementService"
}
$networkSecurityGroup = Get-AzNetworkSecurityGroup @networkSecurityGroupParams
$allowRuleParams = @{
Access = 'Allow'
Protocol = 'Tcp'
Direction = 'Inbound'
SourcePortRange = '*'
SourceAddressPrefix = 'VirtualNetwork'
DestinationAddressPrefix = '*'
}
$denyInRuleParams = @{
Access = 'Deny'
Protocol = '*'
Direction = 'Inbound'
SourcePortRange = '*'
SourceAddressPrefix = '*'
DestinationPortRange = '*'
DestinationAddressPrefix = '*'
}
$denyOutRuleParams = @{
Access = 'Deny'
Protocol = '*'
Direction = 'Outbound'
SourcePortRange = '*'
SourceAddressPrefix = '*'
DestinationPortRange = '*'
DestinationAddressPrefix = '*'
}
$networkSecurityGroup |
Add-AzNetworkSecurityRuleConfig @allowRuleParams -Priority 1000 -Name "allow_tds_inbound" -DestinationPortRange 1433 |
Add-AzNetworkSecurityRuleConfig @allowRuleParams -Priority 1100 -Name "allow_redirect_inbound" -DestinationPortRange 11000-11999 |
Add-AzNetworkSecurityRuleConfig @denyInRuleParams -Priority 4096 -Name "deny_all_inbound" |
Add-AzNetworkSecurityRuleConfig @denyOutRuleParams -Priority 4096 -Name "deny_all_outbound" |
Set-AzNetworkSecurityGroup
# </CreateVirtualNetwork>
# <CreateManagedInstance>
# Create credentials
$secpassword = ConvertTo-SecureString $miAdminSqlPassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential -ArgumentList @($miAdminSqlLogin, $secpassword)
$managedInstanceParams = @{
Name = $instanceName
ResourceGroupName = $resourceGroupName
Location = $location
SubnetId = $miSubnetConfigId
AdministratorCredential = $credential
StorageSizeInGB = $maxStorage
VCore = $vCores
Edition = $edition
ComputeGeneration = $computeGeneration
LicenseType = $license
}
New-AzSqlInstance @managedInstanceParams
# </CreateManagedInstance>
# <CreateDatabase>
$databaseParams = @{
ResourceGroupName = $resourceGroupName
InstanceName = $instanceName
Name = $dbname
Collation = 'Latin1_General_100_CS_AS_SC'
}
New-AzSqlInstanceDatabase @databaseParams
# </CreateDatabase>
# Clean up deployment
# Remove-AzResourceGroup -ResourceGroupName $resourceGroupName
清除部署
使用下列命令來移除資源群組及其所有相關聯的資源。
Remove-AzResourceGroup -ResourceGroupName $resourcegroupname
指令碼說明
此指令碼會使用下列一些命令。 如需下表中已使用和其他命令的詳細資訊,請按下命令特定文件的連結。
| Command | 注意 |
|---|---|
| New-AzResourceGroup | 建立用來存放所有資源的資源群組。 |
| New-AzVirtualNetwork | 建立虛擬網路。 |
| Add-AzVirtualNetworkSubnetConfig | 新增虛擬網路子網路組態至虛擬網路。 |
| Get-AzVirtualNetwork | 取得資源群組中的虛擬網路。 |
| Set-AzVirtualNetwork | 設定虛擬網路的目標狀態。 |
| Get-AzVirtualNetworkSubnetConfig | 取得虛擬網路中的子網路。 |
| Set-AzVirtualNetworkSubnetConfig | 設定虛擬網路中子網組態的目標狀態。 |
| New-AzRouteTable | 建立路由表。 |
| Get-AzRouteTable | 取得路由表。 |
| Set-AzRouteTable | 設定路由表的目標狀態。 |
| New-AzSqlInstance | 建立受控執行個體。 |
| New-AzSqlInstanceDatabase | 建立受控執行個體資料庫。 |
| Remove-AzResourceGroup | 刪除資源群組,包括所有的巢狀資源。 |
下一步
如需有關 Azure PowerShell 的詳細資訊,請參閱 Azure PowerShell 文件。
如需 Azure SQL 受控執行個體 的其他 PowerShell 指令碼範例,請參閱 Azure SQL 受控執行個體 PowerShell 指令碼。
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應