Azure Resource Manager overview

Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. You can use its access control, auditing, and tagging features to secure and organize your resources after deployment.

When you take actions through the portal, PowerShell, Azure CLI, REST APIs, or client SDKs, the Azure Resource Manager API handles your request. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools. All capabilities that are available in the portal are also available through PowerShell, Azure CLI, REST APIs, and client SDKs. Functionality initially released through APIs will be represented in the portal within 180 days of initial release.

The following image shows how all the tools interact with the Azure Resource Manager API. The API passes requests to the Resource Manager service, which authenticates and authorizes the requests. Resource Manager then routes the requests to the appropriate service.

Resource Manager request model

Terminology

If you're new to Azure Resource Manager, there are some terms you might not be familiar with.

  • resource - A manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.
  • resource group - A container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide how to allocate resources to resource groups based on what makes the most sense for your organization. See Resource groups.
  • resource provider - A service that supplies Azure resources. For example, a common resource provider is Microsoft.Compute, which supplies the virtual machine resource. Microsoft.Storage is another common resource provider. See Resource providers.
  • Resource Manager template - A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group or subscription. The template can be used to deploy the resources consistently and repeatedly. See Template deployment.
  • declarative syntax - Syntax that lets you state "Here is what I intend to create" without having to write the sequence of programming commands to create it. The Resource Manager template is an example of declarative syntax. In the file, you define the properties for the infrastructure to deploy to Azure.

The benefits of using Resource Manager

Resource Manager provides several benefits:

  • You can deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
  • You can repeatedly deploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.
  • You can manage your infrastructure through declarative templates rather than scripts.
  • You can define the dependencies between resources so they're deployed in the correct order.
  • You can apply access control to all services in your resource group because Role-Based Access Control (RBAC) is natively integrated into the management platform.
  • You can apply tags to resources to logically organize all the resources in your subscription.
  • You can clarify your organization's billing by viewing costs for a group of resources sharing the same tag.

Understand scope

Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers.

Scope

You apply management settings at any of these levels of scope. The level you select determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. When you apply a policy on the resource group, that policy is applied to the resource group and all its resources. However, another resource group doesn't have that policy assignment.
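The inheritance rule above can be checked mechanically when reviewing which policy or role assignments reach a given resource. The following is an added example, not code from the original page or from Azure: the subscription ID, management group names, assignment names and the subscription-to-management-group mapping are constructed, and resource IDs are compared case-insensitively by exact scope rather than by string prefix.

```python
# Added example: resolve which scope-level assignments reach one resource.
# Every ID, name and mapping below is constructed sample data.

def ancestor_scopes(resource_id, mg_chain_by_subscription):
    """Return each scope the resource inherits from, broadest first."""
    parts = [p.lower() for p in resource_id.strip("/").split("/") if p]
    if len(parts) < 2 or parts[0] != "subscriptions":
        raise ValueError("not a subscription-scoped resource ID: %r" % resource_id)
    sub_id = parts[1]
    # Management groups are not part of the resource ID, so the chain
    # (root first) has to come from a separate mapping keyed by subscription.
    scopes = ["/providers/microsoft.management/managementgroups/" + mg.lower()
              for mg in mg_chain_by_subscription.get(sub_id, [])]
    scopes.append("/subscriptions/" + sub_id)
    if len(parts) >= 4 and parts[2] == "resourcegroups":
        scopes.append(scopes[-1] + "/resourcegroups/" + parts[3])
        if len(parts) > 4:
            scopes.append("/" + "/".join(parts))  # the resource itself
    return scopes


def effective_assignments(resource_id, assignments, mg_chain_by_subscription):
    """Names of assignments set on the resource or on any ancestor scope."""
    by_scope = {}
    for a in assignments:
        by_scope.setdefault(a["scope"].rstrip("/").lower(), []).append(a["name"])
    # Exact scope match: a prefix test would wrongly let an assignment on
    # resource group "app" apply to resource group "app-prod".
    return [name
            for scope in ancestor_scopes(resource_id, mg_chain_by_subscription)
            for name in by_scope.get(scope, [])]


SUB = "00000000-0000-0000-0000-000000000001"            # constructed
MG_CHAIN = {SUB: ["contoso-root", "contoso-prod"]}      # constructed, root first
ASSIGNMENTS = [                                         # constructed
    {"name": "allowed-locations",
     "scope": "/providers/Microsoft.Management/managementGroups/contoso-root"},
    {"name": "require-tags", "scope": "/subscriptions/" + SUB},
    {"name": "deny-public-ip",
     "scope": "/subscriptions/" + SUB + "/resourceGroups/app"},
    {"name": "audit-storage-https",
     "scope": "/subscriptions/" + SUB + "/resourceGroups/app-prod"},
]
VM_ID = ("/subscriptions/" + SUB + "/resourceGroups/app-prod"
         "/providers/Microsoft.Compute/virtualMachines/web01")

if __name__ == "__main__":
    for name in effective_assignments(VM_ID, ASSIGNMENTS, MG_CHAIN):
        print(name)
```

The assignment on resource group "app" does not reach the virtual machine in "app-prod", which matches the statement that another resource group does not have that policy assignment.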

You can deploy templates to management groups, subscriptions, or resource groups.

Guidance

The following suggestions help you take full advantage of Resource Manager when working with your solutions.

  • Define and deploy your infrastructure through the declarative syntax in Resource Manager templates, rather than through imperative commands.
  • Define all deployment and configuration steps in the template. You should have no manual steps for setting up your solution.
  • Run imperative commands to manage your resources, such as to start or stop an app or machine.
  • Arrange resources with the same lifecycle in a resource group. Use tags for all other organizing of resources.

For recommendations on creating Resource Manager templates, see Azure Resource Manager template best practices.

Resource groups

There are some important factors to consider when defining your resource group:

  • All the resources in your group should share the same lifecycle. You deploy, update, and delete them together. If one resource, such as a database server, needs to exist on a different deployment cycle, it should be in another resource group.
  • Each resource can only exist in one resource group.
  • You can add a resource to or remove a resource from a resource group at any time.
  • You can move a resource from one resource group to another group. For more information, see Move resources to new resource group or subscription.
  • A resource group can contain resources that are located in different regions.
  • A resource group can be used to scope access control for administrative actions.
  • A resource can interact with resources in other resource groups. This interaction is common when the two resources are related but don't share the same lifecycle (for example, web apps connecting to a database).

When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

If the resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable. The resources in other regions will still function as expected, but you can't update them.

Resource providers

Each resource provider offers a set of resources and operations for working with those resources. For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault.

The name of a resource type is in the format: {resource-provider}/{resource-type}. The resource type for a key vault is Microsoft.KeyVault/vaults.

Before getting started with deploying your resources, you should gain an understanding of the available resource providers. Knowing the names of resource providers and resources helps you define resources you want to deploy to Azure. Also, you need to know the valid locations and API versions for each resource type. For more information, see Resource providers and types.

For all the operations offered by resource providers, see the Azure REST APIs.

Template deployment

With Resource Manager, you can create a template (in JSON format) that defines the infrastructure and configuration of your Azure solution. By using a template, you can repeatedly deploy your solution throughout its lifecycle and have confidence your resources are deployed in a consistent state.

To learn about the format of the template and how you construct it, see Understand the structure and syntax of Azure Resource Manager Templates.

Resource Manager processes the template like any other request. It parses the template and converts its syntax into REST API operations for the appropriate resource providers. For example, when Resource Manager receives a template with the following resource definition:

"resources": [
  {
    "apiVersion": "2016-01-01",
    "type": "Microsoft.Storage/storageAccounts",
    "name": "mystorageaccount",
    "location": "chinanorth",
    "sku": {
      "name": "Standard_LRS"
    },
    "kind": "Storage",
    "properties": {
    }
  }
]

It converts the definition to the following REST API operation, which is sent to the Microsoft.Storage resource provider:

PUT
https://management.chinacloudapi.cn/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/mystorageaccount?api-version=2016-01-01
REQUEST BODY
{
  "location": "chinanorth",
  "properties": {
  },
  "sku": {
    "name": "Standard_LRS"
  },
  "kind": "Storage"
}
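The mapping from a template resource definition to the PUT request shown above can be modelled in a few lines, which is useful when auditing what a template will actually ask a resource provider to do. This is an added example, not code from the original page or from Resource Manager itself: it is a simplified model that ignores template expressions, the subscription ID, resource group name and SQL API version are constructed, and it goes beyond the storage account case by also handling child resource types, where type and name segments interleave in the URL.

```python
# Added example: simplified model of the template-to-REST conversion.
# Subscription ID, resource group and the SQL sample are constructed.

MANAGEMENT_ENDPOINT = "https://management.chinacloudapi.cn"  # endpoint used on this page
URL_KEYS = {"apiVersion", "type", "name"}          # carried in the URL
TEMPLATE_ONLY_KEYS = {"dependsOn", "condition", "copy", "comments"}  # consumed by the template engine


def resource_path(resource_type, name):
    """Interleave segments: providers/{provider}/{type1}/{name1}/{type2}/{name2}..."""
    provider, *types = resource_type.split("/")
    names = name.split("/")
    if not types or len(types) != len(names):
        raise ValueError("type %r needs %d name segment(s), got %r"
                         % (resource_type, len(types), name))
    pairs = "/".join(t + "/" + n for t, n in zip(types, names))
    return "providers/" + provider + "/" + pairs


def to_put_request(resource, subscription_id, resource_group):
    """Return (method, url, body) for one resource definition."""
    missing = URL_KEYS - set(resource)
    if missing:
        raise ValueError("resource definition lacks: " + ", ".join(sorted(missing)))
    url = "%s/subscriptions/%s/resourceGroups/%s/%s?api-version=%s" % (
        MANAGEMENT_ENDPOINT, subscription_id, resource_group,
        resource_path(resource["type"], resource["name"]),
        resource["apiVersion"])
    # Everything that is neither URL material nor template orchestration
    # becomes the request body sent to the resource provider.
    body = {k: v for k, v in resource.items()
            if k not in URL_KEYS and k not in TEMPLATE_ONLY_KEYS}
    return "PUT", url, body


STORAGE = {  # the resource definition from this page
    "apiVersion": "2016-01-01",
    "type": "Microsoft.Storage/storageAccounts",
    "name": "mystorageaccount",
    "location": "chinanorth",
    "sku": {"name": "Standard_LRS"},
    "kind": "Storage",
    "properties": {},
}
SQL_DB = {  # constructed child resource, including its API version
    "apiVersion": "2014-04-01",
    "type": "Microsoft.Sql/servers/databases",
    "name": "sqlsrv01/appdb",
    "location": "chinanorth",
    "dependsOn": ["Microsoft.Sql/servers/sqlsrv01"],
    "properties": {},
}
SUB_ID = "00000000-0000-0000-0000-000000000001"  # constructed
RG = "demo-rg"                                    # constructed

if __name__ == "__main__":
    for res in (STORAGE, SQL_DB):
        method, url, body = to_put_request(res, SUB_ID, RG)
        print(method, url, body)
```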

How you define templates and resource groups is entirely up to you and how you want to manage your solution. For example, you can deploy your three-tier application through a single template to a single resource group.

Three-tier template

But you don't have to define your entire infrastructure in a single template. Often, it makes sense to divide your deployment requirements into a set of targeted, purpose-specific templates. You can easily reuse these templates for different solutions. To deploy a particular solution, you create a master template that links all the required templates. The following image shows how to deploy a three-tier solution through a parent template that includes three nested templates.

Nested tier template

If you envision your tiers having separate lifecycles, you can deploy your three tiers to separate resource groups. Notice the resources can still be linked to resources in other resource groups.

Tier template

For information about nested templates, see Using linked templates with Azure Resource Manager.

Azure Resource Manager analyzes dependencies to ensure resources are created in the correct order. If one resource relies on a value from another resource (such as a virtual machine needing a storage account for disks), you set a dependency. For more information, see Defining dependencies in Azure Resource Manager templates.

You can also use the template for updates to the infrastructure. For example, you can add a resource to your solution and add configuration rules for the resources that are already deployed. If the template defines a resource that already exists, Resource Manager updates the existing resource instead of creating a new one.

Resource Manager provides extensions for scenarios when you need additional operations such as installing particular software that isn't included in the setup. If you're already using a configuration management service, like DSC, Chef or Puppet, you can continue working with that service by using extensions. For information about virtual machine extensions, see About virtual machine extensions and features.

When you create a solution from the portal, the solution automatically includes a deployment template. You don't have to create your template from scratch because you can start with the template for your solution and customize it to meet your specific needs. For a sample, see Quickstart: Create and deploy Azure Resource Manager templates by using the Azure portal. You can also retrieve a template for an existing resource group by either exporting the current state of the resource group, or viewing the template used for a particular deployment. Viewing the exported template is a helpful way to learn about the template syntax.

Finally, the template becomes part of the source code for your app. You can check it in to your source code repository and update it as your app evolves. You can edit the template through Visual Studio.

After defining your template, you're ready to deploy the resources to Azure. To deploy the resources, see:

Resiliency of Azure Resource Manager

The Azure Resource Manager service is designed for resiliency and continuous availability. Resource Manager and control plane operations (requests sent to management.chinacloudapi.cn) in the REST API are:

  • Distributed across regions. Some services are regional.

  • Not dependent on a single logical data center.

  • Never taken down for maintenance activities.

This resiliency applies to services that receive requests through Resource Manager. For example, Key Vault benefits from this resiliency.

Quickstarts and tutorials

Use the following quickstarts and tutorials to learn how to develop Resource Manager templates:

  • Quickstarts

    Title | Description
    Use the Azure portal | Generate a template using the portal, and understand the process of editing and deploying the template.
    Use Visual Studio Code | Use Visual Studio Code to create and edit templates, and use the Azure Shell to deploy templates.
    Use Visual Studio | Use Visual Studio to create, edit, and deploy templates.
  • Tutorials

    Title | Description
    Utilize template reference | Utilize the template reference documentation to develop templates. In the tutorial, you find the storage account schema, and use the information to create an encrypted storage account.
    Create multiple instances | Create multiple instances of Azure resources. In the tutorial, you create multiple instances of a storage account.
    Set resource deployment order | Define resource dependencies. In the tutorial, you create a virtual network, a virtual machine, and the dependent Azure resources. You learn how the dependencies are defined.
    Use conditions | Deploy resources based on some parameter values. In the tutorial, you define a template to create a new storage account or use an existing storage account based on the value of a parameter.
    Integrate key vault | Retrieve secrets/passwords from Azure Key Vault. In the tutorial, you create a virtual machine. The virtual machine administrator password is retrieved from a Key Vault.
    Create linked templates | Modularize templates, and call other templates from a template. In the tutorial, you create a virtual network, a virtual machine, and the dependent resources. The dependent storage account is defined in a linked template.
    Deploy virtual machine extensions | Perform post-deployment tasks by using extensions. In the tutorial, you deploy a custom script extension to install a web server on the virtual machine.
    Deploy SQL extensions | Perform post-deployment tasks by using extensions. In the tutorial, you deploy a custom script extension to install a web server on the virtual machine.
    Secure artifacts | Secure the artifacts needed to complete the deployments. In the tutorial, you learn how to secure the artifact used in the Deploy SQL extensions tutorial.
    Tutorial: Troubleshoot Resource Manager template deployments | Troubleshoot template deployment issues.

These tutorials can be used individually, or as a series to learn the major Resource Manager template development concepts.

Next steps

In this article, you learned how to use Azure Resource Manager for deployment, management, and access control of resources on Azure. Proceed to the next article to learn how to create your first Azure Resource Manager template.