为 Azure Stack Hub 用户启用 Azure CLIEnable Azure CLI for Azure Stack Hub users

可以向 Azure Stack Hub 的用户提供 CA 根证书,使他们能够在其开发计算机上启用 Azure CLI。You can provide the CA root certificate to users of Azure Stack Hub so that they can enable Azure CLI on their development machines. 用户需使用该证书通过 CLI 管理资源。Your users need the certificate to manage resources through CLI.

  • 如果用户通过 Azure Stack 开发工具包 (ASDK) 外部的工作站使用 CLI,则 Azure Stack Hub CA 根证书是必需的。The Azure Stack Hub CA root certificate is required if users are using CLI from a workstation outside the Azure Stack Development Kit (ASDK).

  • 虚拟机 (VM) 别名终结点提供在部署 VM 时以单个参数形式引用映像发布者、产品/服务、SKU 和版本的别名,如“UbuntuLTS”或“Win2012Datacenter”。The virtual machine (VM) aliases endpoint provides an alias, like "UbuntuLTS" or "Win2012Datacenter," that references an image publisher, offer, SKU, and version as a single parameter when deploying VMs.

以下部分介绍如何获取这些值。The following sections describe how to get these values.

导出 Azure Stack Hub CA 根证书Export the Azure Stack Hub CA root certificate

如果使用集成系统,则无需导出 CA 根证书。If you're using an integrated system, you don't need to export the CA root certificate. 需要在 ASDK 中导出 CA 根证书。You need to export the CA root certificate on the ASDK.

若要以 PEM 格式导出 ASDK 根证书,请登录并运行以下脚本:To export the ASDK root certificate in PEM format, sign in and run the following script:

$label = "AzureStackSelfSignedRootCert"
Write-Host "Getting certificate from the current user trusted store with subject CN=$label"
$root = Get-ChildItem Cert:\CurrentUser\Root | Where-Object Subject -eq "CN=$label" | select -First 1
if (-not $root)
{
    Write-Error "Certificate with subject CN=$label not found"
    return
}

Write-Host "Exporting certificate"
Export-Certificate -Type CERT -FilePath root.cer -Cert $root

Write-Host "Converting certificate to PEM format"
certutil -encode root.cer root.pem

设置 VM 别名终结点Set up the VM aliases endpoint

Azure Stack Hub 操作员应设置可公开访问的终结点来托管 VM 别名文件。Azure Stack Hub operators should set up a publicly accessible endpoint that hosts a VM alias file. VM 别名文件是一个 JSON 文件,提供映像的公用名称。The VM alias file is a JSON file that provides a common name for an image. 以 Azure CLI 参数形式部署 VM 时,将使用该名称。You use the name when you deploy a VM as an Azure CLI parameter.

向别名文件添加条目之前,请确保从 Azure 市场下载映像,或者已发布自己的自定义映像Before you add an entry to an alias file, make sure that you download images from the Azure Marketplace or have published your own custom image. 如果发布自定义映像,请记下发布过程中指定的发布者、产品/服务、SKU 和版本信息。If you publish a custom image, make note of the publisher, offer, SKU, and version info that you specified during publishing. 如果映像来自市场,可以使用 Get-AzureVMImage cmdlet 查看信息。If it's an image from the marketplace, you can view the info by using the Get-AzureVMImage cmdlet.

可以使用包含许多常见映像别名的示例别名文件A sample alias file with many common image aliases is available. 可以使用该文件作为起点。You can use that as a starting point. 将该文件托管在 CLI 客户端可以访问它的空间。Host this file in a space where your CLI clients can reach it. 一种方法是将该文件托管在 blob 存储帐户中并与用户共享 URL:One way is to host the file in a blob storage account and share the URL with your users:

  1. 从 GitHub 下载示例文件Download the sample file from GitHub.
  2. 在 Azure Stack Hub 中创建存储帐户。Create a storage account in Azure Stack Hub. 完成该操作后,将创建 Blob 容器。When that's done, create a blob container. 将访问策略设置为“公开”。Set the access policy to "public."
  3. 将 JSON 文件上传到新容器。Upload the JSON file to the new container. 完成该操作后,可以查看 blob 的 URL。When that's done, you can view the URL of the blob. 选择 blob 名称,然后从 blob 属性中选择该 URL。Select the blob name and then select the URL from the blob properties.

后续步骤Next steps