处理 Azure 托管应用程序的托管资源组中的资源Work with resources in the managed resource group for Azure managed application

本文介绍如何更新已部署为托管应用程序的一部分的资源。This article describes how to update resources that are deployed as part of a managed application. 托管应用程序的发布者有权访问托管资源组中的资源。As the publisher of a managed application, you have access to the resources in the managed resource group. 若要更新这些资源,需要找到与托管应用程序关联的托管资源组,并访问该资源组中的资源。To update these resources, you need to find the managed resource group associated with a managed application, and access the resource in that resource group.

本文假设已部署包含 Azure 管理服务的托管 Web 应用程序 (IaaS) 示例项目中的托管应用程序。This article assumes you have deployed the managed application in the Managed Web Application (IaaS) with Azure management services sample project. 该托管应用程序包含一个 Standard_D1_v2 虚拟机。That managed application includes a Standard_D1_v2 virtual machine. 如果尚未部署该托管应用程序,仍可以使用本文来熟悉更新托管资源组的步骤。If you have not deployed that managed application, you can still use this article to become familiar with the steps for updating a managed resource group.

下图显示了已部署的托管应用程序。The following image shows the deployed managed application.

已部署的托管应用程序

在本文中,我们使用 Azure CLI 来执行以下操作:In this article, you use Azure CLI to:

  • 识别托管应用程序Identify the managed application
  • 识别托管资源组Identify the managed resource group
  • 识别托管资源组中的虚拟机资源Identify the virtual machine resource(s) in the managed resource group
  • 更改 VM 大小(更改为未被使用的更小大小,或者更改为更大的大小以支持更多负载)Change the VM size (either to a smaller size if not utilized, or a larger to support more load)
  • 将用于指定允许位置的策略分配到托管资源组Assign a policy to the managed resource group that specifies the allowed locations

获取托管应用程序和托管资源组Get managed application and managed resource group

若要获取资源组中的托管应用程序,请使用:To get the managed applications in a resource group, use:

az managedapp list --query "[?contains(resourceGroup,'DemoApp')]"

若要获取托管资源组的 ID,请使用:To get the ID of the managed resource group, use:

az managedapp list --query "[?contains(resourceGroup,'DemoApp')].{ managedResourceGroup:managedResourceGroupId }"

调整托管资源组中 VM 的大小Resize VMs in managed resource group

若要查看托管资源组中的虚拟机,请提供托管资源组的名称。To see the virtual machines in the managed resource group, provide the name of the managed resource group.

az vm list -g DemoApp6zkevchqk7sfq --query "[].{VMName:name,OSType:storageProfile.osDisk.osType,VMSize:hardwareProfile.vmSize}"

若要更新 VM 的大小,请使用:To update the size of the VMs, use:

az vm resize --size Standard_D2_v2 --ids $(az vm list -g DemoApp6zkevchqk7sfq --query "[].id" -o tsv)

完成操作后,验证应用程序是否在 Standard D2 v2 大小的 VM 上运行。After the operation completes, verify the application is running on Standard D2 v2.

使用 Standard D2 v2 大小的托管应用程序

将策略应用到托管资源组Apply policy to managed resource group

获取托管资源组并在该范围分配策略。Get the managed resource group and assignment a policy at that scope. 策略 e56962a6-4747-49cd-b67b-bf8b01975c4c 是用于指定允许位置的内置策略。The policy e56962a6-4747-49cd-b67b-bf8b01975c4c is a built-in policy for specifying allowed locations.

managedGroup=$(az managedapp show --name <app-name> --resource-group DemoApp --query managedResourceGroupId --output tsv)

az policy assignment create --name locationAssignment --policy e56962a6-4747-49cd-b67b-bf8b01975c4c --scope $managedGroup --params '{
                            "listofallowedLocations": {
                                "value": [
                                    "chinaeast",
                                    "chinanorth"
                                ]
                            }
                        }'

若要查看允许的位置,请使用:To see the allowed locations, use:

az policy assignment show --name locationAssignment --scope $managedGroup --query parameters.listofallowedLocations.value

策略分配显示在门户中。The policy assignment appears in the portal.

查看策略分配

后续步骤Next steps