在 Azure Stack Hub 中部署应用服务Deploy App Service in Azure Stack Hub

重要

请将 2002 更新应用于 Azure Stack Hub 集成系统,或部署最新的 Azure Stack 开发工具包 (ASDK),然后部署 Azure 应用服务 2020 Q2。Apply the 2002 update to your Azure Stack Hub integrated system or deploy the latest Azure Stack Development Kit (ASDK), before you deploy Azure App Service 2020 Q2. 此外,请务必阅读 2020 Q2 发行说明,了解新功能、修补程序以及可能影响部署的任何已知问题。Be sure to also read the 2020 Q2 release notes to learn about new functionality, fixes, and any known issues that could affect your deployment.

重要

在运行资源提供程序安装程序之前,必须完成准备工作中的步骤Before you run the resource provider installer, you must complete the steps in Before you get started

本文介绍如何在 Azure Stack Hub 中部署应用服务,从而使你的用户能够创建 Web 应用程序、API 应用程序和 Azure Functions 应用程序。In this article you learn how to deploy App Service in Azure Stack Hub, which gives your users the ability to create Web, API and Azure Functions applications. 你需要:You need to:

  • 执行本文所述步骤,将应用服务资源提供程序添加到 Azure Stack Hub 部署。Add the App Service resource provider to your Azure Stack Hub deployment using the steps described in this article.
  • 安装应用服务资源提供程序后,可以将其包括在套餐和计划中。After you install the App Service resource provider, you can include it in your offers and plans. 然后,用户可以通过订阅获取服务并开始创建应用。Users can then subscribe to get the service and start creating apps.

运行应用服务资源提供程序安装程序Run the App Service resource provider installer

安装应用服务资源提供程序至少需要一小时。Installing the App Service resource provider takes at least an hour. 所需时长取决于部署的角色实例数。The length of time needed depends on how many role instances you deploy. 部署期间,安装程序运行以下任务:During the deployment, the installer runs the following tasks:

  • 在“默认提供程序订阅”中注册所需的资源提供程序Registers the required resource providers in the Default Provider Subscription
  • 授予参与者对应用服务标识应用程序的访问权限Grants contributor access to the App Service Identity application
  • 创建资源组和虚拟网络(如有必要)Create Resource Group and Virtual network (if necessary)
  • 创建用于应用服务安装项目、使用情况服务和资源混合的存储帐户和容器Create Storage accounts and containers for App Service installation artifacts, usage service, and resource hydration
  • 下载应用服务项目并将其上传到应用服务存储帐户Download App Service artifacts and upload them to the App Service storage account
  • 部署应用服务Deploy the App Service
  • 注册使用情况服务Register the usage service
  • 为应用服务创建 DNS 条目Create DNS Entries for App Service
  • 注册应用服务管理员和租户资源提供程序Register the App Service admin and tenant resource providers
  • 注册库项 - Web、API、函数应用、应用服务计划、WordPress、DNN、Orchard 和 Django 应用程序Register Gallery Items - Web, API, Function App, App Service Plan, WordPress, DNN, Orchard, and Django applications

若要部署应用服务资源提供程序,请执行以下步骤:To deploy App Service resource provider, follow these steps:

  1. 在可以访问“Azure Stack Hub 管理”Azure 资源管理终结点的计算机上,以管理员身份运行 appservice.exe。Run appservice.exe as an admin from a computer that can access the Azure Stack Hub Admin Azure Resource Management Endpoint.

  2. 选择“部署应用服务或升级到最新版本”。Select Deploy App Service or upgrade to the latest version.

    应用服务安装程序

  3. 查看并接受 Microsoft 软件许可条款,然后选择“下一步”。Review and accept the Microsoft Software License Terms and then select Next.

  4. 查看并接受第三方许可条款,然后选择“下一步”。Review and accept the third-party license terms and then select Next.

  5. 请确保应用服务云配置信息正确无误。Make sure that the App Service cloud configuration information is correct. 如果在 ASDK 部署过程中使用了默认设置,则可接受默认值。If you used the default settings during ASDK deployment, you can accept the default values. 但是,如果在部署 ASDK 时自定义了选项,或者要部署到 Azure Stack Hub 集成系统,则必须在此窗口中根据差异情况编辑相应的值。But, if you customized the options when you deployed the ASDK, or are deploying on an Azure Stack Hub integrated system, you must edit the values in this window to reflect the differences.

    例如,如果使用域后缀 mycloud.com,则必须将“Azure Stack Hub 租户”Azure 资源管理器终结点更改为 management.<区域>.mycloud.com。For example, if you use the domain suffix mycloud.com, your Azure Stack Hub Tenant Azure Resource Manager endpoint must change to management.<region>.mycloud.com. 查看这些设置,然后选择“下一步”以保存设置。Review these settings, and then select Next to save the settings.

    应用服务安装程序

  6. 在下一个应用服务安装程序页上,你将连接到 Azure Stack Hub:On the next App Service Installer page you will connect to your Azure Stack Hub:

    1. 选择要使用的连接方法-“凭据”或“服务主体” Select the connection method you wish to use - Credential or Service Principal

      • 凭据Credential

        • 如果使用 Azure Active Directory (Azure AD),请输入在部署 Azure Stack Hub 时提供的 Azure AD 管理员帐户和密码。If you're using Azure Active Directory (Azure AD), enter the Azure AD admin account and password that you provided when you deployed Azure Stack Hub. 选择“连接” 。Select Connect.
        • 如果使用 Active Directory 联合身份验证服务 (AD FS),请提供管理员帐户。If you're using Active Directory Federation Services (AD FS), provide your admin account. 例如,cloudadmin@azurestack.local。For example, cloudadmin@azurestack.local. 输入密码,然后选择“连接”。Enter your password, and then select Connect.
      • 服务主体Service Principal

        • 使用的服务主体必须对“默认提供程序订阅”拥有“所有者”权限 The service principal that you use must have Owner rights on the Default Provider Subscription
        • 提供“服务主体 ID”、“证书文件”和“密码”,然后选择“连接” 。Provide the Service Principal ID, Certificate File, and Password and select Connect.
    2. 在“Azure Stack Hub 订阅”中,选择“默认提供程序订阅”。 In Azure Stack Hub Subscriptions, select the Default Provider Subscription. Azure Stack Hub 上的 Azure 应用服务必须部署在默认提供程序订阅中。Azure App Service on Azure Stack Hub must be deployed in the Default Provider Subscription.

    3. 在“Azure Stack Hub 位置”中,选择要部署到的区域所对应的位置。In the Azure Stack Hub Locations, select the location that corresponds to the region you're deploying to. 例如,若要部署到 ASDK,请选择“本地”。For example, select local if you're deploying to the ASDK.

    应用服务安装程序

  7. 现在,可以部署到使用这些步骤配置的现有虚拟网络中,或者让应用服务安装程序创建新的虚拟网络和子网。Now you can deploy into an existing virtual network that you configured using these steps, or let the App Service installer create a new virtual network and subnets. 若要创建 VNet,请执行以下步骤:To create a VNet, follow these steps:

    a.a. 选择“使用默认设置创建 VNet”,接受默认值,然后选择“下一步”。 Select Create VNet with default settings, accept the defaults, and then select Next.

    b.b. 也可选择“使用现有的 VNet 和子网”。Alternatively, select Use existing VNet and Subnets. 完成以下操作:Complete the following actions:

    • 选择包含虚拟网络的资源组Select the Resource Group that contains your virtual network.
    • 选择要部署到其中的虚拟网络的名称。Choose the Virtual Network name that you want to deploy to.
    • 为每个所需角色子网选择正确的“子网”值。Select the correct Subnet values for each of the required role subnets.
    • 选择“下一步”。Select Next.

    应用服务安装程序

  8. 输入文件共享的信息,然后选择“下一步”。Enter the info for your file share and then select Next. 文件共享的地址必须使用文件服务器的完全限定域名 (FQDN) 或 IP 地址。The address of the file share must use the Fully Qualified Domain Name (FQDN) or the IP address of your File Server. 例如 \\appservicefileserver.local.cloudapp.azurestack.external\websites,或 \\10.0.0.1\websites。For example, \\appservicefileserver.local.cloudapp.azurestack.external\websites, or \\10.0.0.1\websites. 如果使用已加入域的文件服务器,则必须提供包含域的完整用户名。If you're using a file server, which is domain joined, you must provide the full username including domain. 例如 myfileserverdomain\FileShareOwner。For example, myfileserverdomain\FileShareOwner.

    备注

    在继续下一步之前,安装程序会尝试测试与文件共享的连接。The installer tries to test connectivity to the file share before proceeding. 不过,如果是部署到现有的虚拟网络,此连接测试可能会失败。But, if you're deploying to an existing virtual network, this connectivity test might fail. 系统会发出警告,并提示你继续操作。You're given a warning and a prompt to continue. 如果文件共享信息正确,请继续部署。If the file share info is correct, continue the deployment.

    应用服务安装程序

  9. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 在“标识应用程序 ID”框中,输入作为先决条件一部分创建的标识应用程序的 GUID。In the Identity Application ID box, enter the GUID for the Identity application you created as part of the pre-requisites.

    b.b. 在“标识应用程序证书文件”框中,输入(或浏览到)证书文件的位置。In the Identity Application certificate file box, enter (or browse to) the location of the certificate file.

    c.c. 在“标识应用程序证书密码”框中,输入证书的密码。In the Identity Application certificate password box, enter the password for the certificate. 此密码是在使用脚本创建证书时记下的密码。This password is the one that you made note of when you used the script to create the certificates.

    d.d. 在“Azure 资源管理器根证书文件”框中,输入(或浏览到)证书文件的位置。In the Azure Resource Manager root certificate file box, enter (or browse to) the location of the certificate file.

    e.e. 选择“下一步”。Select Next.

    应用服务安装程序

  10. 对于三个证书文件框的每一个框,请选择“浏览”并导航到相应的证书文件。For each of the three certificate file boxes, select Browse and navigate to the appropriate certificate file. 必须为每个证书提供密码。You must provide the password for each certificate. 这些证书是在 Azure Stack Hub 上部署应用服务的先决条件中创建的证书。These certificates are the ones that you created in Prerequisites for deploying App Service on Azure Stack Hub. 输入所有信息后,选择“下一步”。Select Next after entering all the information.

    BoxBox 证书文件名示例Certificate file name example
    应用服务默认 SSL 证书文件App Service default SSL certificate file _.appservice.local.AzureStack.external.pfx_.appservice.local.AzureStack.external.pfx
    应用服务 API SSL 证书文件App Service API SSL certificate file api.appservice.local.AzureStack.external.pfxapi.appservice.local.AzureStack.external.pfx
    应用服务发布者 SSL 证书文件App Service Publisher SSL certificate file ftp.appservice.local.AzureStack.external.pfxftp.appservice.local.AzureStack.external.pfx

    如果在创建证书时使用了其他域后缀,证书文件名不要使用 local.AzureStack.externalIf you used a different domain suffix when you created the certificates, your certificate file names don't use local.AzureStack.external. 而要改用自定义域信息。Instead, use your custom domain info.

    应用服务安装程序

  11. 为用于托管应用服务资源提供程序数据库的服务器实例输入 SQL Server 详细信息,然后选择“下一步”。Enter the SQL Server details for the server instance used to host the App Service resource provider database and then select Next. 安装程序将验证 SQL 连接属性。The installer validates the SQL connection properties.

    在继续下一步之前,应用服务安装程序会尝试测试与 SQL Server 的连接。The App Service installer tries to test connectivity to the SQL Server before proceeding. 如果是部署到现有的虚拟网络,此连接测试可能会失败。If you're deploying to an existing virtual network, this connectivity test might fail. 系统会发出警告,并提示你继续操作。You're given a warning and a prompt to continue. 如果 SQL Server 信息正确,请继续部署。If the SQL Server info is correct, continue the deployment.

    应用服务安装程序

  12. 查看角色实例和 SKU 选项。Review the role instance and SKU options. 默认设置中填充了生产部署中每个角色的最小实例数和最低 SKU 层级。The defaults populate with the minimum number of instances and the minimum SKU for each role in a production deployment. 对于 ASDK 部署,可以将实例纵向缩减到更低的 SKU,以减少核心和内存提交,但性能会下降。For ASDK deployment, you can scale the instances down to lower SKUs to reduce the core and memory commit but you will experience a performance degradation. 提供 vCPU 和内存要求摘要是为了帮助你规划部署。A summary of vCPU and memory requirements is provided to help plan your deployment. 进行选择后,请选择“下一步”。After you make your selections, select Next.

    备注

    对于生产部署,请按照 Azure Stack Hub 中 Azure 应用服务服务器角色的容量规划中的指南进行操作。For production deployments, following the guidance in Capacity planning for Azure App Service server roles in Azure Stack Hub.

    角色Role 最小实例数Minimum instances 最小 SKUMinimum SKU 注释Notes
    控制器Controller 22 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 管理和维护应用服务云的运行状况。Manages and maintains the health of the App Service cloud.
    管理Management 11 Standard_D3_v2 -(4 核,14336 MB)Standard_D3_v2 - (4 cores, 14336 MB) 管理应用服务 Azure 资源管理器和 API 终结点、门户扩展(管理员门户、租户门户、Functions 门户)和数据服务。Manages the App Service Azure Resource Manager and API endpoints, portal extensions (admin, tenant, Functions portal), and the data service. 为了支持故障转移,已将建议的实例数增加到 2 个。To support failover, increase the recommended instances to 2.
    发布者Publisher 11 Standard_A2_v2 -(2 核,4096 MB)Standard_A2_v2 - (2 cores, 4096 MB) 通过 FTP 和 Web 部署发布内容。Publishes content via FTP and web deployment.
    FrontEndFrontEnd 11 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 将请求路由到应用服务应用。Routes requests to App Service apps.
    共享辅助角色Shared Worker 11 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 托管 Web 应用或 API 应用和 Azure Functions 应用。Hosts web or API apps and Azure Functions apps. 可能需要添加更多实例。You might want to add more instances. 作为操作员,可以定义产品/服务,并选择任何 SKU 层。As an operator, you can define your offering and choose any SKU tier. 这些层必须至少具有一个 vCPU。The tiers must have a minimum of one vCPU.

    应用服务安装程序

    备注

    不支持将 Windows Server 2016 Core 平台映像与 Azure Stack Hub 上的 Azure 应用服务配合使用。请勿将评估映像用于生产部署。Windows Server 2016 Core isn't a supported platform image for use with Azure App Service on Azure Stack Hub. Don't use evaluation images for production deployments.

  13. 在“选择平台映像”框中选择 Windows Server 2016 虚拟机 (VM) 部署映像,该映像是应用服务云的计算资源提供程序提供的映像之一。In the Select Platform Image box, choose your deployment Windows Server 2016 virtual machine (VM) image from the images available in the compute resource provider for the App Service cloud. 选择“下一步”。Select Next.

  14. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 输入辅助角色 VM 管理员用户名和密码。Enter the Worker Role VM admin user name and password.

    b.b. 输入其他角色 VM 管理员用户名和密码。Enter the Other Roles VM admin user name and password.

    c.c. 选择“下一步”。Select Next.

    应用服务安装程序

  15. 在“应用服务安装程序”摘要页上,执行以下步骤:On the App Service Installer summary page, follow these steps:

    a.a. 验证所做的选择。Verify the selections you made. 若要进行更改,请使用“上一步”按钮访问前面的页面。To make changes, use the Previous buttons to visit previous pages.

    b.b. 如果配置正确,则选中此复选框。If the configurations are correct, select the check box.

    c.c. 若要开始部署,请选择“下一步”。To start the deployment, select Next.

    应用服务安装程序

  16. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 跟踪安装进度。Track the installation progress. 部署 Azure Stack Hub 上的应用服务最长可能需要 240 分钟,具体取决于所做的默认选择,以及 Windows 2016 Datacenter 基础映像的期限。App Service on Azure Stack Hub can take up to 240 minutes to deploy based on the default selections and age of the base Windows 2016 Datacenter image.

    b.b. 安装程序成功完成后,请选择“退出”。After the installer successfully finishes, select Exit.

    应用服务安装程序

部署后步骤Post-deployment Steps

重要

如果已经为应用服务 RP 提供 SQL Always On 实例,则必须将 appservice_hosting 和 appservice_metering 数据库添加到可用性组并同步数据库,以免在进行数据库故障转移时丢失服务。If you've provided the App Service RP with a SQL Always On Instance you must add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

如果部署到现有虚拟网络并使用内部 IP 地址连接到文件服务器,则必须添加出站安全规则。If you're deploying to an existing virtual network and using an internal IP address to connect to your file server, you must add an outbound security rule. 此规则允许辅助角色子网和文件服务器之间的 SMB 流量。This rule enables SMB traffic between the worker subnet and the file server. 在管理员门户中,转到 WorkersNsg 网络安全组并添加具有以下属性的出站安全规则:In the administrator portal, go to the WorkersNsg Network Security Group and add an outbound security rule with the following properties:

  • 源:任意Source: Any
  • 源端口范围:*Source port range: *
  • 目标:IP 地址Destination: IP addresses
  • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
  • 目标端口范围:445Destination port range: 445
  • 协议:TCPProtocol: TCP
  • 操作:允许Action: Allow
  • 优先级:700Priority: 700
  • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

验证 Azure Stack Hub 上的应用服务安装Validate the App Service on Azure Stack Hub installation

  1. 在 Azure Stack Hub 管理员门户中,转到“管理 - 应用服务”。In the Azure Stack Hub administrator portal, go to Administration - App Service.

  2. 在“概述”中,在“状态”下,检查“状态”是否显示了“所有角色已就绪”。In the overview, under status, check to see that the Status displays All roles are ready.

    应用服务管理

体验 Azure Stack Hub 上的应用服务Test drive App Service on Azure Stack Hub

部署并注册应用服务资源提供程序后,对其进行测试以确保用户可以部署 Web 应用和 API 应用。After you deploy and register the App Service resource provider, test it to make sure that users can deploy web and API apps.

备注

需要创建一个套餐,其中的计划包含 Microsoft.Web 命名空间。You need to create an offer that has the Microsoft.Web namespace in the plan. 此外还需订阅此套餐的租户订阅。You also need a tenant subscription that subscribes to the offer. 有关详细信息,请参阅创建套餐创建计划For more info, see Create offer and Create plan.

必须有租户订阅,才能创建使用 Azure Stack Hub 上的应用服务的应用。You must have a tenant subscription to create apps that use App Service on Azure Stack Hub. 服务管理员只能在管理员门户中完成的任务与资源提供程序对应用服务的管理相关。The only tasks that a service admin can complete in the administrator portal are related to the resource provider administration of App Service. 这包括添加容量、配置部署源以及添加辅助角色层和 SKU。This includes adding capacity, configuring deployment sources, and adding Worker tiers and SKUs.

若要创建 Web 应用、API 应用和 Azure Functions 应用,必须使用用户门户并具有租户订阅。To create web, API, and Azure Functions apps, you must use the user portal and have a tenant subscription.

若要创建测试性 Web 应用,请执行以下步骤:To create a test web app, follow these steps:

  1. 在 Azure Stack Hub 用户门户中,选择“+ 创建资源” > “Web + 移动” > “Web 应用” 。In the Azure Stack Hub user portal, select + Create a resource > Web + Mobile > Web App.

  2. 在“Web 应用”下的“Web 应用”中输入一个名称。 Under Web App, enter a name in Web app.

  3. 在“资源组”下,选择“新建” 。Under Resource Group, select New. 输入资源组的名称。Enter a name for the Resource Group.

  4. 选择“应用服务计划/位置” > “新建”。Select App Service plan/Location > Create New.

  5. 在“应用服务计划”下,输入 应用服务计划的名称。Under App Service plan, enter a name for the App Service plan.

  6. 选择“定价层” > “免费共享”或“共享共享” > “选择” > “确定” > “创建”。Select Pricing tier > Free-Shared or Shared-Shared > Select > OK > Create.

  7. 此时新 Web 应用的磁贴会显示在仪表板上。A tile for the new web app appears on the dashboard. 选择磁贴。Select the tile.

  8. 在“Web 应用”上选择“浏览”,查看此应用的默认网站。On Web App, select Browse to view the default website for this app.

部署 WordPress、DNN 或 Django 网站(可选)Deploy a WordPress, DNN, or Django website (optional)

  1. 在 Azure Stack Hub 用户门户中选择“+”,转到 Azure 市场,部署 Django 网站,然后等待部署完成。In the Azure Stack Hub user portal, select +, go to the Azure Marketplace, deploy a Django website, and then wait for the deployment to finish. Django Web 平台使用基于文件系统的数据库。The Django web platform uses a file system-based database. 它不需要任何其他资源提供程序,如 SQL 或 MySQL。It doesn't require any additional resource providers, such as SQL or MySQL.

  2. 如果还部署了 MySQL 资源提供程序,则可从市场部署 WordPress 网站。If you also deployed a MySQL resource provider, you can deploy a WordPress website from the Marketplace. 当系统提示输入数据库参数时,请输入用户名,其格式为 User1@Server1(使用所选的用户名和服务器名称)。When you're prompted for database parameters, enter the user name as User1@Server1, with the user name and server name of your choice.

  3. 如果还部署了 SQL Server 资源提供程序,则可从市场部署 DNN 网站。If you also deployed a SQL Server resource provider, you can deploy a DNN website from the Marketplace. 当系统提示输入数据库参数时,请在运行 SQL Server 的计算机中选择连接到资源提供程序的数据库。When you're prompted for database parameters, choose a database in the computer running SQL Server that's connected to your resource provider.

本文介绍如何将 Azure 应用服务资源提供程序部署到处于以下状态的 Azure Stack Hub 环境中:In this article you learn how to deploy the Azure App Service resource provider to an Azure Stack Hub environment that is:

  • 未连接到 Internet。Not connected to the internet.
  • 受 Active Directory 联合身份验证服务 (AD FS) 保护。Secured by Active Directory Federation Services (AD FS).

若要将 Azure 应用服务资源提供程序添加到脱机的 Azure Stack Hub 部署,必须完成以下顶级任务:To add the Azure App Service resource provider to your offline Azure Stack Hub deployment, you must complete these top-level tasks:

  1. 完成先决条件步骤(例如购买证书,可能需要数天才能接收到)。Complete the prerequisite steps (like purchasing certificates, which can take a few days to receive).
  2. 下载并提取安装文件和帮助器文件到连接 Internet 的计算机。Download and extract the installation and helper files to a machine that's connected to the internet.
  3. 创建脱机安装包。Create an offline installation package.
  4. 运行 appservice.exe 安装程序文件。Run the appservice.exe installer file.

创建脱机安装包Create an offline installation package

若要在离线环境中部署 Azure 应用服务,请先在连接到 Internet 的计算机上创建脱机安装包。To deploy Azure App Service in an offline environment, first create an offline installation package on a machine that's connected to the internet.

  1. 在连接到 Internet 的计算机上运行 AppService.exe 安装程序。Run the AppService.exe installer on a machine that's connected to the internet.

  2. 选择“高级” > “创建脱机安装包”。Select Advanced > Create offline installation package. 此步骤需要几分钟才能完成。This step will take several minutes to complete.

    在 Azure 应用服务安装程序中创建脱机包

  3. Azure 应用服务安装程序创建脱机安装包并显示其路径。The Azure App Service installer creates an offline installation package and displays the path to it. 可以选择“打开文件夹”,在文件资源管理器中打开该文件夹。You can select Open folder to open the folder in File Explorer.

    已成功在 Azure 应用服务安装程序中生成脱机安装包

  4. 将安装程序 (AppService.exe) 和脱机安装包复制到已连接 Azure Stack Hub 的计算机。Copy the installer (AppService.exe) and the offline installation package to a machine that has connectivity to your Azure Stack Hub.

在 Azure Stack Hub 上完成 Azure 应用服务的脱机安装Complete the offline installation of Azure App Service on Azure Stack Hub

  1. 在可以访问“Azure Stack Hub 管理”Azure 资源管理终结点的计算机上,以管理员身份运行 appservice.exe。Run appservice.exe as an admin from a computer that can reach the Azure Stack Hub Admin Azure Resource Management endpoint.

  2. 选择“高级” > “完成脱机安装”。Select Advanced > Complete offline installation.

    在 Azure 应用服务安装程序中完成脱机安装

  3. 浏览到前面创建的脱机安装包的位置,选择选择“下一步”。Browse to the location of the offline installation package you previously created, and then select Next.

    在 Azure 应用服务安装程序中指定脱机安装包路径

  4. 查看并接受 Microsoft 软件许可条款,然后选择“下一步”。Review and accept the Microsoft Software License Terms, and then select Next.

  5. 查看并接受第三方许可条款,然后选择“下一步”。Review and accept the third-party license terms, and then select Next.

  6. 请确保 Azure 应用服务云配置信息正确无误。Make sure the Azure App Service cloud configuration info is correct. 如果在 ASDK 部署过程中使用了默认设置,则此处可以接受默认值。If you used the default settings during ASDK deployment, you can accept the default values here. 但是,如果在部署 Azure Stack Hub 时自定义了选项,或者要部署到集成系统,则必须在此窗口中编辑相应的值,以反映这些更改。However, if you customized the options when you deployed Azure Stack Hub or are deploying on an integrated system, you must edit the values in this window to reflect those changes. 例如,如果使用域后缀 mycloud.com,则必须将“Azure Stack Hub 租户”Azure 资源管理器终结点更改为 management.<region>.mycloud.comFor example, if you use the domain suffix mycloud.com, your Azure Stack Hub Tenant Azure Resource Manager endpoint must change to management.<region>.mycloud.com. 确认信息后,选择“下一步”。After you confirm your info, select Next.

    在 Azure 应用服务安装程序中配置 Azure 应用服务云

  7. 在下一个应用服务安装程序页上,你将连接到 Azure Stack Hub:On the next App Service Installer page you will connect to your Azure Stack Hub:

    1. 选择要使用的连接方法-“凭据”或“服务主体” Select the connection method you wish to use - Credential or Service Principal

      • 凭据Credential
        • 如果使用 Azure Active Directory (Azure AD),请输入在部署 Azure Stack Hub 时提供的 Azure AD 管理员帐户和密码。If you're using Azure Active Directory (Azure AD), enter the Azure AD admin account and password that you provided when you deployed Azure Stack Hub. 选择“连接” 。Select Connect.
        • 如果使用 Active Directory 联合身份验证服务 (AD FS),请提供管理员帐户。If you're using Active Directory Federation Services (AD FS), provide your admin account. 例如,cloudadmin@azurestack.local。For example, cloudadmin@azurestack.local. 输入密码,然后选择“连接”。Enter your password, and then select Connect.
      • 服务主体Service Principal
        • 使用的服务主体必须对“默认提供程序订阅”拥有“所有者”权限 The service principal that you use must have Owner rights on the Default Provider Subscription
        • 提供“服务主体 ID”、“证书文件”和“密码”,然后选择“连接” 。Provide the Service Principal ID, Certificate File, and Password and select Connect.
    2. 在“Azure Stack Hub 订阅”中,选择“默认提供程序订阅”。 In Azure Stack Hub Subscriptions, select the Default Provider Subscription. Azure Stack Hub 上的 Azure 应用服务必须部署在默认提供程序订阅中。Azure App Service on Azure Stack Hub must be deployed in the Default Provider Subscription.

    3. 在“Azure Stack Hub 位置”中,选择要部署到的区域所对应的位置。In the Azure Stack Hub Locations, select the location that corresponds to the region you're deploying to. 例如,若要部署到 ASDK,请选择“本地”。For example, select local if you're deploying to the ASDK.

  8. 可以让 Azure 应用服务安装程序创建虚拟网络和关联的子网。You can allow the Azure App Service installer to create a virtual network and associated subnets. 或者,可以部署到通过这些步骤配置的现有虚拟网络。Or, you can deploy into an existing virtual network, as configured through these steps.

    • 若要使用 Azure 应用服务安装程序方法,请选择“使用默认设置创建 VNet”,接受默认设置,然后选择“下一步”。 To use the Azure App Service installer method, select Create VNet with default settings, accept the defaults, and then select Next.

    • 若要部署到现有网络,请选择“使用现有 VNet 和子网”,然后:To deploy into an existing network, select Use existing VNet and Subnets, and then:

      1. 选择包含该虚拟网络的“资源组”选项。Select the Resource Group option that contains your virtual network.
      2. 选择要部署到其中的虚拟网络的名称。Choose the Virtual Network name you want to deploy into.
      3. 为每个所需角色子网选择正确的“子网”值。Select the correct Subnet values for each of the required role subnets.
      4. 选择“下一步”。Select Next.

      Azure 应用服务安装程序中的虚拟网络和子网信息

  9. 输入文件共享的信息,然后选择“下一步”。Enter the info for your file share and then select Next. 文件共享的地址必须使用文件服务器的完全限定域名 (FQDN) 或 IP 地址。The address of the file share must use the Fully Qualified Domain Name (FQDN) or IP address of your file server. 例如 \\appservicefileserver.local.cloudapp.azurestack.external\websites,或 \\10.0.0.1\websites。For example: \\appservicefileserver.local.cloudapp.azurestack.external\websites, or \\10.0.0.1\websites. 如果使用已加入域的文件服务器,则必须提供包含域的完整用户名。If you're using a file server that's domain-joined, you must provide the full user name, including the domain. 例如:<myfileserverdomain>\<FileShareOwner>For example: <myfileserverdomain>\<FileShareOwner>.

    备注

    在继续下一步之前,安装程序会尝试测试与文件共享的连接。The installer tries to test connectivity to the file share before proceeding. 但是,如果前面已选择部署到现有虚拟网络,则安装程序可能无法连接到文件共享,并显示警告来询问是否继续。However, if you choose to deploy into an existing virtual network, the installer might be unable to connect to the file share and displays a warning asking whether you want to continue. 验证文件共享信息,如果正确,请继续。Verify the file share info and continue if it's correct.

    Azure 应用服务安装程序中的文件共享信息

  10. 在下一页上执行以下操作:On the next page:

    1. 在“标识应用程序 ID”框中,输入作为先决条件一部分创建的标识应用程序的 GUID。In the Identity Application ID box, enter the GUID for the Identity application you created as part of the pre-requisites.
    2. 在“标识应用程序证书文件”框中,输入(或浏览到)证书文件的位置。In the Identity Application certificate file box, enter (or browse to) the location of the certificate file.
    3. 在“标识应用程序证书密码”框中,输入证书的密码。In the Identity Application certificate password box, enter the password for the certificate. 此密码是在使用脚本创建证书时记下的密码。This password is the one that you made note of when you used the script to create the certificates.
    4. 在“Azure 资源管理器根证书文件”框中,输入(或浏览到)证书文件的位置。In the Azure Resource Manager root certificate file box, enter (or browse to) the location of the certificate file.
    5. 选择“下一步”。Select Next.

    在 Azure 应用服务安装程序中输入应用 ID 和证书信息

  11. 对于三个证书文件框的每一个框,请选择“浏览”并导航到相应的证书文件。For each of the three certificate file boxes, select Browse and navigate to the appropriate certificate file. 必须为每个证书提供密码。You must provide the password for each certificate. 这些证书是在 Azure Stack Hub 上部署应用服务的先决条件中创建的证书。These certificates are the ones that you created in Prerequisites for deploying App Service on Azure Stack Hub. 输入所有信息后,选择“下一步”。Select Next after entering all the information.

    BoxBox 证书文件名示例Certificate file name example
    应用服务默认 SSL 证书文件App Service default SSL certificate file _.appservice.local.AzureStack.external.pfx_.appservice.local.AzureStack.external.pfx
    应用服务 API SSL 证书文件App Service API SSL certificate file api.appservice.local.AzureStack.external.pfxapi.appservice.local.AzureStack.external.pfx
    应用服务发布者 SSL 证书文件App Service Publisher SSL certificate file ftp.appservice.local.AzureStack.external.pfxftp.appservice.local.AzureStack.external.pfx

    如果在创建证书时使用了其他域后缀,证书文件名不要使用 local.AzureStack.externalIf you used a different domain suffix when you created the certificates, your certificate file names don't use local.AzureStack.external. 而要改用自定义域信息。Instead, use your custom domain info.

    在 Azure 应用服务安装程序中输入 SSL 证书信息

  12. 为用于托管 Azure 应用服务资源提供程序数据库的服务器实例输入 SQL Server 详细信息,然后选择“下一步”。Enter the SQL Server details for the server instance used to host the Azure App Service resource provider databases, and then select Next. 安装程序将验证 SQL 连接属性。The installer validates the SQL connection properties. 必须输入内部 IP 或 FQDN 作为 SQL Server 名称。You must enter either the internal IP or the FQDN for the SQL Server name.

    备注

    在继续下一步之前,安装程序会尝试测试连接到运行 SQL Server 的计算机。The installer tries to test connectivity to the computer running SQL Server before proceeding. 但是,如果前面已选择部署到现有虚拟网络,则安装程序可能无法连接到运行 SQL Server 的计算机,并显示警告来询问是否继续。However, if you chose to deploy into an existing virtual network, the installer might not be able to connect to the computer running SQL Server and displays a warning asking whether you want to continue. 验证 SQL Server 信息,如果正确,请继续。Verify the SQL Server info and continue if it's correct.

    从 Azure Stack Hub 1.3 上的 Azure 应用服务开始,安装程序将检查运行 SQL Server 的计算机是否在 SQL Server 级别启用了数据库包含。From Azure App Service on Azure Stack Hub 1.3 onward, the installer checks that the computer running SQL Server has database containment enabled at the SQL Server level. 如果未启用,则会出现以下异常提示:If it doesn't, you're prompted with the following exception:

       Enable contained database authentication for SQL server by running below command on SQL server (Ctrl+C to copy)
       ***********************************************************
       sp_configure 'contained database authentication', 1;
       GO
       RECONFIGURE;
       GO
       ***********************************************************
    

    有关详细信息,请参阅 Azure Stack Hub 上的 Azure 应用服务 1.3 发行说明For more information, see the release notes for Azure App Service on Azure Stack Hub 1.3.

    在 Azure 应用服务安装程序中输入 SQL Server 信息

  13. 查看角色实例和 SKU 选项。Review the role instance and SKU options. 默认设置中填充了生产部署中每个角色的最小实例数和最低 SKU 层级。The defaults populate with the minimum number of instances and the minimum SKU for each role in a production deployment. 对于 ASDK 部署,可以将实例纵向缩减到更低的 SKU,以减少核心和内存提交,但性能会下降。For ASDK deployment, you can scale the instances down to lower SKUs to reduce the core and memory commit but you will experience a performance degradation. 提供 vCPU 和内存要求摘要是为了帮助你规划部署。A summary of vCPU and memory requirements is provided to help plan your deployment. 进行选择后,请选择“下一步”。After you make your selections, select Next.

    备注

    对于生产部署,请遵循 Azure Stack Hub 中 Azure 应用服务服务器角色的容量规划中的指导。For production deployments, follow the guidance in Capacity planning for Azure App Service server roles in Azure Stack Hub.

    角色Role 最小实例数Minimum instances 最小 SKUMinimum SKU 注释Notes
    控制器Controller 22 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 管理和维护应用服务云的运行状况。Manages and maintains the health of the App Service cloud.
    管理Management 11 Standard_D3_v2 -(4 核,14336 MB)Standard_D3_v2 - (4 cores, 14336 MB) 管理应用服务 Azure 资源管理器和 API 终结点、门户扩展(管理员门户、租户门户、Functions 门户)和数据服务。Manages the App Service Azure Resource Manager and API endpoints, portal extensions (admin, tenant, Functions portal), and the data service. 为了支持故障转移,已将建议的实例数增加到 2 个。To support failover, increase the recommended instances to 2.
    发布者Publisher 11 Standard_A2_v2 -(2 核,4096 MB)Standard_A2_v2 - (2 cores, 4096 MB) 通过 FTP 和 Web 部署发布内容。Publishes content via FTP and web deployment.
    FrontEndFrontEnd 11 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 将请求路由到应用服务应用。Routes requests to App Service apps.
    共享辅助角色Shared Worker 11 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 托管 Web 应用或 API 应用和 Azure Functions 应用。Hosts web or API apps and Azure Functions apps. 可能需要添加更多实例。You might want to add more instances. 作为操作员,可以定义产品/服务,并选择任何 SKU 层。As an operator, you can define your offering and choose any SKU tier. 这些层必须至少具有一个 vCPU。The tiers must have a minimum of one vCPU.

    在 Azure 应用服务安装程序中设置角色层和 SKU 选项

  14. 在“选择平台映像”框中选择 Windows Server 2016 虚拟机 (VM) 部署映像,该映像是 Azure 应用服务云的计算资源提供程序提供的映像之一。In the Select Platform Image box, choose your deployment Windows Server 2016 virtual machine (VM) image from the images available on the compute resource provider for the Azure App Service cloud. 选择“下一步”。Select Next.

    备注

    不支持将 Windows Server 2016 Core 平台映像与 Azure Stack Hub 上的 Azure 应用服务配合使用。Windows Server 2016 Core is not a supported platform image for use with Azure App Service on Azure Stack Hub. 请勿将评估映像用于生产部署。Don't use evaluation images for production deployments. Azure Stack Hub 上的 Azure 应用服务要求在用于部署的映像上激活 Microsoft.NET 3.5.1 SP1。Azure App Service on Azure Stack Hub requires that Microsoft .NET 3.5.1 SP1 be activated on the image used for deployment. 通过“市场”发布的 Windows Server 2016 映像未启用此功能。Marketplace-syndicated Windows Server 2016 images don't have this feature enabled. 因此,必须在预先启用此功能的情况下创建并使用 Windows Server 2016 映像。Therefore, you must create and use a Windows Server 2016 image with this feature pre-enabled.

    有关创建自定义映像并将其添加到市场的详细信息,请参阅将自定义 VM 映像添加到 Azure Stack HubSee Add a custom VM image to Azure Stack Hub for details on creating a custom image and adding to Marketplace. 将映像添加到市场时,请务必指定以下信息:Be sure to specify the following when adding the image to Marketplace:

    • 发布者 = MicrosoftWindowsServerPublisher = MicrosoftWindowsServer
    • 套餐 = WindowsServerOffer = WindowsServer
    • SKU = 2016-DatacenterSKU = 2016-Datacenter
    • 版本 = 指定“最新”版本Version = Specify the "latest" version
  15. 在下一页上执行以下操作:On the next page:

    1. 输入辅助角色 VM 管理员用户名和密码。Enter the Worker Role VM admin user name and password.
    2. 输入其他角色 VM 管理员用户名和密码。Enter the Other Roles VM admin user name and password.
    3. 选择“下一步”。Select Next.

    在 Azure 应用服务安装程序中输入角色 VM 管理员

  16. 在摘要页上执行以下操作:On the summary page:

    1. 验证所做的选择。Verify the selections you made. 若要进行更改,请使用“上一步”按钮访问前面的页面。To make changes, use the Previous buttons to visit previous pages.
    2. 如果配置正确,则选中此复选框。If the configurations are correct, select the check box.
    3. 若要开始部署,请选择“下一步”。To start the deployment, select Next.

    在 Azure 应用服务安装程序中所做选择的摘要

  17. 在下一页上执行以下操作:On the next page:

    1. 跟踪安装进度。Track the installation progress. 部署 Azure Stack Hub 上的应用服务最长可能需要 240 分钟,具体取决于所做的默认选择,以及 Windows 2016 Datacenter 基础映像的期限。App Service on Azure Stack Hub can take up to 240 minutes to deploy based on the default selections and age of the base Windows 2016 Datacenter image.

    2. 安装程序完成运行后,请选择“退出”。After the installer finishes running, select Exit.

    在 Azure 应用服务安装程序中跟踪安装过程

部署后步骤Post-deployment steps

重要

如果已在 SQL Always On 实例上提供了 Azure 应用服务资源提供程序,必须将 appservice_hosting 和 appservice_metering 数据库添加到可用性组If you've provided the Azure App Service RP with a SQL Always On Instance, you must add the appservice_hosting and appservice_metering databases to an availability group. 此外,必须同步数据库,以防止在发生数据库故障转移时丢失任何服务。You must also synchronize the databases to prevent any loss of service in the event of a database failover.

如果选择部署到现有虚拟网络和内部 IP 地址以连接到文件服务器,则必须添加出站安全规则,以便在工作子网和文件服务器之间启用 SMB 流量。If you chose to deploy into an existing virtual network and an internal IP address to connect to your file server, you must add an outbound security rule, enabling SMB traffic between the worker subnet and the file server. 在管理员门户中,转到 WorkersNsg 网络安全组并添加具有以下属性的出站安全规则:In the administrator portal, go to the WorkersNsg Network Security Group and add an outbound security rule with the following properties:

  • 源:任意Source: Any
  • 源端口范围:*Source port range: *
  • 目标:IP 地址Destination: IP addresses
  • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
  • 目标端口范围:445Destination port range: 445
  • 协议:TCPProtocol: TCP
  • 操作:允许Action: Allow
  • 优先级:700Priority: 700
  • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

验证 Azure Stack Hub 上的 Azure 应用服务安装Validate the Azure App Service on Azure Stack Hub installation

  1. 在 Azure Stack Hub 管理员门户中,转到“管理 - 应用服务”。In the Azure Stack Hub administrator portal, go to Administration - App Service.

  2. 在“概述”中,在“状态”下,检查“状态”是否显示了“所有角色已就绪”。In the overview, under status, check to see that the Status displays All roles are ready.

    Azure 应用服务管理中的概述

体验 Azure Stack Hub 上的 Azure 应用服务Test drive Azure App Service on Azure Stack Hub

部署并注册 Azure 应用服务资源提供程序后,对其进行测试以确保用户可以部署 Web 应用和 API 应用。After you deploy and register the Azure App Service resource provider, test it to make sure that users can deploy web and API apps.

备注

必须创建一个套餐,其中的计划包含 Microsoft.Web 命名空间。You must create an offer that has the Microsoft.Web namespace within the plan. 然后,需要有订阅此套餐的租户订阅。Then, you need to have a tenant subscription that subscribes to this offer. 有关详细信息,请参阅创建套餐创建计划For more info, see Create offer and Create plan.

必须有租户订阅,才能创建使用 Azure Stack Hub 上的 Azure 应用服务的应用。You must have a tenant subscription to create apps that use Azure App Service on Azure Stack Hub. 服务管理员只能在管理员门户中完成的功能与资源提供程序对 Azure 应用服务的管理相关。The only capabilities that a service admin can complete within the administrator portal are related to the resource provider administration of Azure App Service. 这些功能包括添加容量、配置部署源以及添加辅助角色层和 SKU。These capabilities include adding capacity, configuring deployment sources, and adding Worker tiers and SKUs.

至于第三个技术预览版,若要创建 Web 应用、API 应用和 Azure Functions 应用,必须使用用户门户并有租户订阅。As of the third technical preview, to create web, API, and Azure Functions apps, you must use the user portal and have a tenant subscription.

  1. 在 Azure Stack Hub 用户门户中,选择“+ 创建资源” > “Web + 移动” > “Web 应用” 。In the Azure Stack Hub user portal, select + Create a resource > Web + Mobile > Web App.

  2. 在“Web 应用”边栏选项卡上的“Web 应用”框中键入名称。On the Web App blade, type a name in the Web app box.

  3. 在“资源组”下,选择“新建” 。Under Resource Group, select New. 在“资源组”框中键入名称。Type a name in the Resource Group box.

  4. 选择“应用服务计划/位置” > “新建”。Select App Service plan/Location > Create New.

  5. 在“应用服务计划”边栏选项卡上的“应用服务计划”框中键入名称。On the App Service plan blade, type a name in the App Service plan box.

  6. 选择“定价层” > “免费共享”或“共享共享” > “选择” > “确定” > “创建”。Select Pricing tier > Free-Shared or Shared-Shared > Select > OK > Create.

  7. 在不到一分钟之内,新 Web 应用的磁贴将显示在仪表板上。In less than a minute, a tile for the new web app appears on the dashboard. 选择磁贴。Select the tile.

  8. 在“Web 应用”边栏选项卡上选择“浏览”,查看此应用的默认网站。On the Web App blade, select Browse to view the default website for this app.

部署 WordPress、DNN 或 Django 网站(可选)Deploy a WordPress, DNN, or Django website (optional)

  1. 在 Azure Stack Hub 用户门户中选择 + ,转到 Azure 市场,部署 Django 网站并等待成功完成。In the Azure Stack Hub user portal, select +, go to Azure Marketplace, deploy a Django website, and wait for successful completion. Django Web 平台使用基于文件系统的数据库。The Django web platform uses a file system-based database. 它不需要任何其他资源提供程序,如 SQL 或 MySQL。It doesn't require any additional resource providers, such as SQL or MySQL.

  2. 如果还部署了 MySQL 资源提供程序,则可从 Azure 市场部署 WordPress 网站。If you also deployed a MySQL resource provider, you can deploy a WordPress website from Azure Marketplace. 当系统提示输入数据库参数时,请输入用户名,其格式为 User1@Server1(使用所选的用户名和服务器名称)。When you're prompted for database parameters, enter the user name as User1@Server1, with the user name and server name of your choice.

  3. 如果还部署了 SQL Server 资源提供程序,则可从 Azure 市场部署 DNN 网站。If you also deployed a SQL Server resource provider, you can deploy a DNN website from Azure Marketplace. 当系统提示输入数据库参数时,请在运行 SQL Server 的计算机中选择连接到资源提供程序的数据库。When you're prompted for database parameters, choose a database on the computer running SQL Server that's connected to your resource provider.

后续步骤Next steps

准备 Azure Stack Hub 上的应用服务的其他管理操作:Prepare for additional admin operations for App Service on Azure Stack Hub: