在 Azure Stack 中部署应用服务Deploy App Service in Azure Stack

适用于:Azure Stack 集成系统和 Azure Stack 开发工具包Applies to: Azure Stack integrated systems and Azure Stack Development Kit

本文介绍如何在 Azure Stack 中部署应用服务。This article describes how to deploy App Service in Azure Stack.

Important

请将 1907 更新应用于 Azure Stack 集成系统,或部署最新的 Azure Stack 开发工具包 (ASDK),然后部署 Azure 应用服务 1.7。Apply the 1907 update to your Azure Stack integrated system or deploy the latest Azure Stack Development Kit (ASDK) before you deploy Azure App Service 1.7.

可以让用户能够创建 Web 应用程序和 API 应用程序。You can give your users the ability to create web and API applications. 若要让用户创建这些应用,必须:To let users create these apps, you need to:

  • 执行本文所述步骤,将应用服务资源提供程序添加到 Azure Stack 部署。Add the App Service resource provider to your Azure Stack deployment using the steps described in this article.
  • 安装应用服务资源提供程序后,可以将其包括在套餐和计划中。After you install the App Service resource provider, you can include it in your offers and plans. 然后,用户可以通过订阅获取服务并开始创建应用。Users can then subscribe to get the service and start creating apps.

Important

在运行资源提供程序安装程序之前,请确保已按照准备工作中的指南进行操作,并已阅读版本 1.7 随附的发行说明Before you run the resource provider installer, make sure that you've followed the guidance in Before you get started and have read the release notes which accompany the 1.7 release. 阅读此内容可以了解新功能、修补程序以及任何可能影响部署的已知问题。Reading this content helps you learn about new functionality, fixes, and any known issues which could affect your deployment.

运行应用服务资源提供程序安装程序Run the App Service resource provider installer

安装应用服务资源提供程序至少需要一小时。Installing the App Service resource provider takes at least an hour. 所需时长取决于部署的角色实例数。The length of time needed depends on how many role instances you deploy. 部署期间,安装程序运行以下任务:During the deployment, the installer runs the following tasks:

  • 在指定的 Azure Stack 存储帐户中创建 blob 容器。Create a blob container in the specified Azure Stack storage account.
  • 为应用服务中创建 DNS 区域和条目。Create a DNS zone and entries for App Service.
  • 注册应用服务资源提供程序。Register the App Service resource provider.
  • 注册应用服务库项。Register the App Service gallery items.

若要部署应用服务资源提供程序,请执行以下步骤:To deploy App Service resource provider, follow these steps:

  1. 在可以访问“Azure Stack 管理”Azure 资源管理终结点的计算机上,以管理员身份运行 appservice.exe。Run appservice.exe as an admin from a computer that can access the Azure Stack Admin Azure Resource Management Endpoint.

  2. 选择“部署应用服务或升级到最新版本”。 Select Deploy App Service or upgrade to the latest version.

    应用服务安装程序

  3. 查看并接受 Microsoft 软件许可条款,然后选择“下一步” 。Review and accept the Microsoft Software License Terms and then select Next.

  4. 查看并接受第三方许可条款,然后选择“下一步” 。Review and accept the third-party license terms and then select Next.

  5. 请确保应用服务云配置信息正确无误。Make sure that the App Service cloud configuration information is correct. 如果在 ASDK 部署过程中使用了默认设置,则可接受默认值。If you used the default settings during ASDK deployment, you can accept the default values. 但是,如果在部署 ASDK 时自定义了选项,或者要部署到 Azure Stack 集成系统,则必须在此窗口中根据差异情况编辑相应的值。But, if you customized the options when you deployed the ASDK, or are deploying on an Azure Stack integrated system, you must edit the values in this window to reflect the differences.

    例如,如果使用域后缀 mycloud.com,则必须将“Azure Stack 租户”Azure 资源管理器终结点更改为 management.<区域>.mycloud.com。For example, if you use the domain suffix mycloud.com, your Azure Stack Tenant Azure Resource Manager endpoint must change to management.<region>.mycloud.com. 查看这些设置,然后选择“下一步”以保存设置。 Review these settings, and then select Next to save the settings.

    应用服务安装程序

  6. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 选择“Azure Stack 订阅”旁边的“连接” 。Select Connect next to the Azure Stack Subscriptions.

    • 如果使用 Azure Active Directory (Azure AD),请输入在部署 Azure Stack 时提供的 Azure AD 管理员帐户和密码。If you're using Azure Active Directory (Azure AD), enter the Azure AD admin account and password that you provided when you deployed Azure Stack. 选择“登录” 。Select Sign In.
    • 如果使用 Active Directory 联合身份验证服务 (AD FS),请提供管理员帐户。If you're using Active Directory Federation Services (AD FS), provide your admin account. 例如,cloudadmin@azurestack.local。For example, cloudadmin@azurestack.local. 输入密码,然后选择“登录” 。Enter your password, and then select Sign In.

    b.b. 在“Azure Stack 订阅”中,选择“默认提供程序订阅”。 In Azure Stack Subscriptions, select the Default Provider Subscription.

    Important

    应用服务必须部署到默认提供程序订阅App Service must be deployed to the Default Provider Subscription.

    c.c. 在“Azure Stack 位置” 中,选择要部署到的区域所对应的位置。In the Azure Stack Locations, select the location that corresponds to the region you're deploying to. 例如,若要部署到 ASDK,请选择“本地”。 For example, select local if you're deploying to the ASDK.

    应用服务安装程序

  7. 现在,可以部署到使用这些步骤配置的现有虚拟网络中,或者让应用服务安装程序创建新的虚拟网络和子网。Now you can deploy into an existing virtual network that you configured using these steps, or let the App Service installer create a new virtual network and subnets. 若要创建 VNet,请执行以下步骤:To create a VNet, follow these steps:

    a.a. 选择“使用默认设置创建 VNet”,接受默认值,然后选择“下一步”。 Select Create VNet with default settings, accept the defaults, and then select Next.

    b.b. 也可选择“使用现有的 VNet 和子网”。 Alternatively, select Use existing VNet and Subnets. 完成以下操作:Complete the following actions:

    • 选择包含虚拟网络的资源组Select the Resource Group that contains your virtual network.
    • 选择要部署到其中的虚拟网络的名称。Choose the Virtual Network name that you want to deploy to.
    • 为每个所需角色子网选择正确的“子网”值。 Select the correct Subnet values for each of the required role subnets.
    • 选择“下一步”。Select Next.

    应用服务安装程序

  8. 输入文件共享的信息,然后选择“下一步” 。Enter the info for your file share and then select Next. 文件共享的地址必须使用文件服务器的完全限定域名 (FQDN) 或 IP 地址。The address of the file share must use the Fully Qualified Domain Name (FQDN) or the IP address of your File Server. 例如 \\appservicefileserver.local.cloudapp.azurestack.external\websites,或 \\10.0.0.1\websites。For example, \\appservicefileserver.local.cloudapp.azurestack.external\websites, or \\10.0.0.1\websites. 如果使用已加入域的文件服务器,则必须提供包含域的完整用户名。If you're using a file server, which is domain joined, you must provide the full username including domain. 例如 myfileserverdomain\FileShareOwner。For example, myfileserverdomain\FileShareOwner.

    Note

    在继续下一步之前,安装程序会尝试测试与文件共享的连接。The installer tries to test connectivity to the file share before proceeding. 不过,如果是部署到现有的虚拟网络,此连接测试可能会失败。But, if you're deploying to an existing virtual network, this connectivity test might fail. 系统会发出警告,并提示你继续操作。You're given a warning and a prompt to continue. 如果文件共享信息正确,请继续部署。If the file share info is correct, continue the deployment.

    应用服务安装程序

  9. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 在“标识应用程序 ID” 框中,输入要用于标识的应用 GUID(来自 Azure AD)。In the Identity Application ID box, enter the GUID for the app you're using for identity (from Azure AD).

    b.b. 在“标识应用程序证书文件” 框中,输入(或浏览到)证书文件的位置。In the Identity Application certificate file box, enter (or browse to) the location of the certificate file.

    c.c. 在“标识应用程序证书密码” 框中,输入证书的密码。In the Identity Application certificate password box, enter the password for the certificate. 此密码是在使用脚本创建证书时记下的密码。This password is the one that you made note of when you used the script to create the certificates.

    d.d. 在“Azure 资源管理器根证书文件” 框中,输入(或浏览到)证书文件的位置。In the Azure Resource Manager root certificate file box, enter (or browse to) the location of the certificate file.

    e.e. 选择“下一步”。Select Next.

    应用服务安装程序

  10. 对于三个证书文件框的每一个框,请选择“浏览” 并导航到相应的证书文件。For each of the three certificate file boxes, select Browse and navigate to the appropriate certificate file. 必须为每个证书提供密码。You must provide the password for each certificate. 这些证书是在创建所需证书步骤中创建的。These certificates are the ones that you created in the Create required certificates step. 输入所有信息后,选择“下一步” 。Select Next after entering all the information.

    BoxBox 证书文件名示例Certificate file name example
    应用服务默认 SSL 证书文件App Service default SSL certificate file _.appservice.local.AzureStack.external.pfx_.appservice.local.AzureStack.external.pfx
    应用服务 API SSL 证书文件App Service API SSL certificate file api.appservice.local.AzureStack.external.pfxapi.appservice.local.AzureStack.external.pfx
    应用服务发布者 SSL 证书文件App Service Publisher SSL certificate file ftp.appservice.local.AzureStack.external.pfxftp.appservice.local.AzureStack.external.pfx

    如果在创建证书时使用了其他域后缀,证书文件名不要使用 local.AzureStack.externalIf you used a different domain suffix when you created the certificates, your certificate file names don't use local.AzureStack.external. 而要改用自定义域信息。Instead, use your custom domain info.

    应用服务安装程序

  11. 为用于托管应用服务资源提供程序数据库的服务器实例输入 SQL Server 详细信息,然后选择“下一步” 。Enter the SQL Server details for the server instance used to host the App Service resource provider database and then select Next. 安装程序将验证 SQL 连接属性。The installer validates the SQL connection properties.

    在继续下一步之前,应用服务安装程序会尝试测试与 SQL Server 的连接。The App Service installer tries to test connectivity to the SQL Server before proceeding. 如果是部署到现有的虚拟网络,此连接测试可能会失败。If you're deploying to an existing virtual network, this connectivity test might fail. 系统会发出警告,并提示你继续操作。You're given a warning and a prompt to continue. 如果 SQL Server 信息正确,请继续部署。If the SQL Server info is correct, continue the deployment.

    应用服务安装程序

  12. 查看角色实例和 SKU 选项。Review the role instance and SKU options. 默认设置中填充了 ASDK 部署中每个角色的最小实例数和最低 SKU 层级。The defaults populate with the minimum number of instances and the minimum SKU for each role in an ASDK deployment. 提供 vCPU 和内存要求摘要是为了帮助你规划部署。A summary of vCPU and memory requirements is provided to help plan your deployment. 进行选择后,请选择“下一步”。 After you make your selections, select Next.

    Note

    对于生产部署,请按照 Azure Stack 中 Azure 应用服务服务器角色的容量规划中的指南进行操作。For production deployments, following the guidance in Capacity planning for Azure App Service server roles in Azure Stack.

    角色Role 最小实例数Minimum instances 最小 SKUMinimum SKU 注释Notes
    控制器Controller 11 Standard_A2 -(2 个 vCPU,3584 MB)Standard_A2 - (2 vCPU, 3584 MB) 管理和维护应用服务云的运行状况。Manages and maintains the health of the App Service cloud.
    管理Management 11 Standard_A2 -(2 vCPU,3584 MB)Standard_A2 - (2 vCPUs, 3584 MB) 管理应用服务 Azure 资源管理器和 API 终结点、门户扩展(管理员门户、租户门户、Functions 门户)和数据服务。Manages the App Service Azure Resource Manager and API endpoints, portal extensions (admin, tenant, Functions portal), and the data service. 为了支持故障转移,已将建议的实例数增加到 2 个。To support failover, increased the recommended instances to 2.
    发布者Publisher 11 Standard_A1 -(1 vCPU,1792 MB)Standard_A1 - (1 vCPU, 1792 MB) 通过 FTP 和 Web 部署发布内容。Publishes content via FTP and web deployment.
    FrontEndFrontEnd 11 Standard_A1 -(1 vCPU,1792 MB)Standard_A1 - (1 vCPU, 1792 MB) 将请求路由到应用服务应用。Routes requests to App Service apps.
    共享辅助角色Shared Worker 11 Standard_A1 -(1 vCPU,1792 MB)Standard_A1 - (1 vCPU, 1792 MB) 托管 Web 应用或 API 应用和 Azure Functions 应用。Hosts web or API apps and Azure Functions apps. 可能需要添加更多实例。You might want to add more instances. 作为操作员,可以定义产品/服务,并选择任何 SKU 层。As an operator, you can define your offering and choose any SKU tier. 这些层必须至少具有一个 vCPU。The tiers must have a minimum of one vCPU.

    应用服务安装程序

    Note

    不支持将 Windows Server 2016 Core 平台映像与 Azure Stack 上的 Azure 应用服务配合使用。请勿将评估映像用于生产部署。Windows Server 2016 Core isn't a supported platform image for use with Azure App Service on Azure Stack. Don't use evaluation images for production deployments.

  13. 在“选择平台映像” 框中选择 Windows Server 2016 虚拟机 (VM) 部署映像,该映像是应用服务云的计算资源提供程序提供的映像之一。In the Select Platform Image box, choose your deployment Windows Server 2016 virtual machine (VM) image from the images available in the compute resource provider for the App Service cloud. 选择“下一步”。Select Next.

  14. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 输入辅助角色 VM 管理员用户名和密码。Enter the Worker Role VM admin user name and password.

    b.b. 输入其他角色 VM 管理员用户名和密码。Enter the Other Roles VM admin user name and password.

    c.c. 选择“下一步”。Select Next.

    应用服务安装程序

  15. 在“应用服务安装程序”摘要页上,执行以下步骤:On the App Service Installer summary page, follow these steps:

    a.a. 验证所做的选择。Verify the selections you made. 若要进行更改,请使用“上一步” 按钮访问前面的页面。To make changes, use the Previous buttons to visit previous pages.

    b.b. 如果配置正确,则选中此复选框。If the configurations are correct, select the check box.

    c.c. 若要开始部署,请选择“下一步” 。To start the deployment, select Next.

    应用服务安装程序

  16. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 跟踪安装进度。Track the installation progress. Azure Stack 上的应用服务大约需要 60 分钟才能完成基于默认选择的部署。App Service on Azure Stack takes about 60 minutes to deploy based on the default selections.

    b.b. 安装程序成功完成后,请选择“退出” 。After the installer successfully finishes, select Exit.

    应用服务安装程序

部署后步骤Post-deployment Steps

Important

如果已经为应用服务 RP 提供 SQL Always On 实例,则必须 将 appservice_hosting 和 appservice_metering 数据库添加到可用性组并同步数据库,以免在进行数据库故障转移时丢失服务。If you've provided the App Service RP with a SQL Always On Instance you must add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

如果部署到现有虚拟网络并使用内部 IP 地址连接到文件服务器,则必须添加出站安全规则。If you're deploying to an existing virtual network and using an internal IP address to connect to your file server, you must add an outbound security rule. 此规则允许辅助角色子网和文件服务器之间的 SMB 流量。This rule enables SMB traffic between the worker subnet and the file server. 在管理员门户中,转到 WorkersNsg 网络安全组并添加具有以下属性的出站安全规则:In the administrator portal, go to the WorkersNsg Network Security Group and add an outbound security rule with the following properties:

  • 源:任意Source: Any
  • 源端口范围:*Source port range: *
  • 目标:IP 地址Destination: IP addresses
  • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
  • 目标端口范围:445Destination port range: 445
  • 协议:TCPProtocol: TCP
  • 操作:允许Action: Allow
  • 优先级:700Priority: 700
  • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

验证 Azure Stack 上的应用服务安装Validate the App Service on Azure Stack installation

  1. 在 Azure Stack 管理员门户中,转到“管理 - 应用服务” 。In the Azure Stack administrator portal, go to Administration - App Service.

  2. 在“概述”中,在“状态”下,检查“状态” 是否显示了“所有角色已就绪” 。In the overview, under status, check to see that the Status displays All roles are ready.

    应用服务管理

体验 Azure Stack 上的应用服务Test drive App Service on Azure Stack

部署并注册应用服务资源提供程序后,对其进行测试以确保用户可以部署 Web 应用和 API 应用。After you deploy and register the App Service resource provider, test it to make sure that users can deploy web and API apps.

Note

需要创建一个套餐,其中的计划包含 Microsoft.Web 命名空间。You need to create an offer that has the Microsoft.Web namespace in the plan. 此外还需订阅此套餐的租户订阅。You also need a tenant subscription that subscribes to the offer. 有关详细信息,请参阅创建套餐创建计划For more info, see Create offer and Create plan.

必须有租户订阅,才能创建使用 Azure Stack 上的应用服务的应用。You must have a tenant subscription to create apps that use App Service on Azure Stack. 服务管理员只能在管理员门户中完成的任务与资源提供程序对应用服务的管理相关。The only tasks that a service admin can complete in the administrator portal are related to the resource provider administration of App Service. 这包括添加容量、配置部署源以及添加辅助角色层和 SKU。This includes adding capacity, configuring deployment sources, and adding Worker tiers and SKUs.

若要创建 Web 应用、API 应用和 Azure Functions 应用,必须使用租户门户并具有租户订阅。To create web, API, and Azure Functions apps, you must use the tenant portal and have a tenant subscription.

若要创建测试性 Web 应用,请执行以下步骤:To create a test web app, follow these steps:

  1. 在 Azure Stack 用户门户中,选择“+ 创建资源” > “Web + 移动” > “Web 应用” 。In the Azure Stack user portal, select + Create a resource > Web + Mobile > Web App.

  2. 在“Web 应用”下的“Web 应用”中输入一个名称。 Under Web App, enter a name in Web app.

  3. 在“资源组”下,选择“新建” 。Under Resource Group, select New. 输入资源组的名称。Enter a name for the Resource Group.

  4. 选择“应用服务计划/位置” > “新建” 。Select App Service plan/Location > Create New.

  5. 在“应用服务计划”下,输入 应用服务计划的名称。Under App Service plan, enter a name for the App Service plan.

  6. 选择“定价层” > “免费共享” 或“共享共享” > “选择” > “确定” > “创建” 。Select Pricing tier > Free-Shared or Shared-Shared > Select > OK > Create.

  7. 此时新 Web 应用的磁贴会显示在仪表板上。A tile for the new web app appears on the dashboard. 选择磁贴。Select the tile.

  8. 在“Web 应用” 上选择“浏览” ,查看此应用的默认网站。On Web App, select Browse to view the default website for this app.

部署 WordPress、DNN 或 Django 网站(可选)Deploy a WordPress, DNN, or Django website (optional)

  1. 在 Azure Stack 租户门户中选择“+” ,转到 Azure 市场,部署 Django 网站,然后等待部署完成。In the Azure Stack tenant portal, select +, go to the Azure Marketplace, deploy a Django website, and then wait for the deployment to finish. Django Web 平台使用基于文件系统的数据库。The Django web platform uses a file system-based database. 它不需要任何其他资源提供程序,如 SQL 或 MySQL。It doesn't require any additional resource providers, such as SQL or MySQL.

  2. 如果还部署了 MySQL 资源提供程序,则可从市场部署 WordPress 网站。If you also deployed a MySQL resource provider, you can deploy a WordPress website from the Marketplace. 当系统提示输入数据库参数时,请输入用户名,其格式为 User1@Server1(使用所选的用户名和服务器名称)。When you're prompted for database parameters, enter the user name as User1@Server1, with the user name and server name of your choice.

  3. 如果还部署了 SQL Server 资源提供程序,则可从市场部署 DNN 网站。If you also deployed a SQL Server resource provider, you can deploy a DNN website from the Marketplace. 当系统提示输入数据库参数时,请在运行 SQL Server 的计算机中选择连接到资源提供程序的数据库。When you're prompted for database parameters, choose a database in the computer running SQL Server that's connected to your resource provider.

后续步骤Next steps

准备 Azure Stack 上的应用服务的其他管理操作:Prepare for additional admin operations for App Service on Azure Stack: