可以使用 Windows 或 Linux 计算机安装 Azure CLI 以管理 Azure Stack Hub。You can install the Azure CLI to manage Azure Stack Hub with a Windows or Linux machines.本文将指导你完成安装和设置 Azure CLI 的步骤。This article walks you through the steps of installing and setting up Azure CLI.
安装 Azure CLIInstall Azure CLI
登录到开发工作站并安装 CLI。Sign in to your development workstation and install CLI.Azure Stack Hub 需要 Azure CLI 2.0 版或更高版本。Azure Stack Hub requires version 2.0 or later of Azure CLI.
若要验证安装是否成功,请打开终端或命令提示符窗口,并运行以下命令:To verify whether the installation was successful, open a terminal or command prompt window and run the following command:
az --version
应会看到 Azure CLI 的版本,以及计算机上安装的其他依赖库。You should see the version of Azure CLI and other dependent libraries that are installed on your computer.
如果使用 Azure AD 作为标识管理服务,并在 Windows 计算机上使用 CLI,可以参考本部分完成 CLI 设置过程。This section walks you through setting up CLI if you're using Azure AD as your identity management service, and are using CLI on a Windows machine.
连接到 Azure Stack HubConnect to Azure Stack Hub
如果使用的是 ASDK,请信任 Azure Stack Hub CA 根证书。If you are using the ASDK, trust the Azure Stack Hub CA root certificate.有关说明,请参阅信任证书。For instruction, see Trust the certificate.
运行 az cloud register 命令注册 Azure Stack Hub 环境。Register your Azure Stack Hub environment by running the az cloud register command.
注册环境。Register your environment.在运行 az cloud register 时使用以下参数:Use the following parameters when running az cloud register:
值Value
示例Example
说明Description
环境名称Environment name
AzureStackUserAzureStackUser
对于用户环境,请使用 AzureStackUser。Use AzureStackUser for the user environment.如果你是操作员,请指定 AzureStackAdmin。If you're operator, specify AzureStackAdmin.
资源管理器终结点Resource Manager endpoint
https://management.contoso.partner.onmschina.cn
ASDK 中的 ResourceManagerUrl 为:https://management.local.azurestack.external/集成系统中的 ResourceManagerUrl 为:https://management.<region>.<fqdn>/ 如果对集成系统终结点有疑问,请与云操作员联系。The ResourceManagerUrl in the ASDK is: https://management.local.azurestack.external/ The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
local.azurestack.external 适用于 ASDK。local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
.vault.local.azurestack.external 适用于 ASDK。.vault.local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
终结点 active directory graph 资源 IDEndpoint active directory graph resource ID
可以在 Azure CLI 参考文档中找到 register 命令的参考。You can find a reference for the register command in the Azure CLI reference documentation.
使用以下命令设置活动环境。Set the active environment by using the following commands.
az cloud set -n <environmentname>
将环境配置更新为使用 Azure Stack Hub 特定的 API 版本配置文件。Update your environment configuration to use the Azure Stack Hub specific API version profile.若要更新配置,请运行以下命令:To update the configuration, run the following command:
az cloud update --profile 2019-03-01-hybrid
使用 az login 命令登录到 Azure Stack Hub 环境。Sign in to your Azure Stack Hub environment by using the az login command.
可以使用用户凭据或云运营商提供的服务主体 (SPN) 登录到 Azure Stack Hub 环境。You can sign in to the Azure Stack Hub environment using your user credentials, or with a service principal (SPN) provided to you by your cloud operator.
以用户身份登录:Sign in as a user:
可以直接在 az login 命令中指定用户名和密码,或使用浏览器进行身份验证。You can either specify the username and password directly within the az login command, or authenticate by using a browser.如果帐户已启用多重身份验证,则必须采用后一种方法。You must do the latter if your account has multi-factor authentication enabled:
az login -u "user@contoso.partner.onmschina.cn" -p 'Password123!' --tenant contoso.partner.onmschina.cn
备注
如果用户帐户已启用多重身份验证,请使用不带 -u 参数的 az login 命令。If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter.运行此命令会提供一个 URL 以及身份验证时必须使用的代码。Running this command gives you a URL and a code that you must use to authenticate.
az login `
--tenant <Azure Active Directory Tenant name. `
For example: myazurestack.partner.onmschina.cn> `
--service-principal `
-u <Application Id of the Service Principal> `
-p <Key generated for the Service Principal>
验证环境是否设置正确,以及环境是否为活动云。Verify that your environment is set correctly and that your environment is the active cloud.
az cloud list --output table
应当看到环境被列出,并且“IsActive”为 true。You should see that your environment is listed and IsActive is true.例如:For example:
完成所有设置后,使用 CLI 在 Azure Stack Hub 中创建资源。With everything set up, use CLI to create resources within Azure Stack Hub.例如,可以创建应用的资源组并添加 VM。For example, you can create a resource group for an app and add a VM.使用以下命令创建名为“MyResourceGroup”的资源组:Use the following command to create a resource group named "MyResourceGroup":
az group create -n MyResourceGroup -l local
如果成功创建了资源组,则上述命令会输出新建资源的以下属性:If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:
如果使用 Active Directory 联合身份验证服务 (AD FS) 作为标识管理服务,并在 Windows 计算机上使用 CLI,可以参考本部分完成 CLI 设置过程。This section walks you through setting up CLI if you're using Active Directory Federated Services (AD FS) as your identity management service, and are using CLI on a Windows machine.
连接到 Azure Stack HubConnect to Azure Stack Hub
如果使用的是 ASDK,请信任 Azure Stack Hub CA 根证书。If you are using the ASDK, trust the Azure Stack Hub CA root certificate.有关说明,请参阅信任证书。For instruction, see Trust the certificate.
运行 az cloud register 命令注册 Azure Stack Hub 环境。Register your Azure Stack Hub environment by running the az cloud register command.
注册环境。Register your environment.在运行 az cloud register 时使用以下参数:Use the following parameters when running az cloud register:
值Value
示例Example
说明Description
环境名称Environment name
AzureStackUserAzureStackUser
对于用户环境,请使用 AzureStackUser。Use AzureStackUser for the user environment.如果你是操作员,请指定 AzureStackAdmin。If you're operator, specify AzureStackAdmin.
资源管理器终结点Resource Manager endpoint
https://management.local.azurestack.external
ASDK 中的 ResourceManagerUrl 为:https://management.local.azurestack.external/集成系统中的 ResourceManagerUrl 为:https://management.<region>.<fqdn>/ 如果对集成系统终结点有疑问,请与云操作员联系。The ResourceManagerUrl in the ASDK is: https://management.local.azurestack.external/ The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
local.azurestack.external 适用于 ASDK。local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
.vault.local.azurestack.external 适用于 ASDK。.vault.local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
使用以下命令设置活动环境。Set the active environment by using the following commands.
az cloud set -n <environmentname>
将环境配置更新为使用 Azure Stack Hub 特定的 API 版本配置文件。Update your environment configuration to use the Azure Stack Hub specific API version profile.若要更新配置,请运行以下命令:To update the configuration, run the following command:
az cloud update --profile 2019-03-01-hybrid
备注
如果正在运行的 Azure Stack Hub 版本低于 1808 版,则必须使用 API 版本配置文件 2017-03-09-profile,而不是 API 版本配置文件 2019-03-01-hybrid。If you're running a version of Azure Stack Hub before the 1808 build, you must use the API version profile 2017-03-09-profile rather than the API version profile 2019-03-01-hybrid.还需要使用最新版本的 Azure CLI。You also need to use a recent version of the Azure CLI.
使用 az login 命令登录到 Azure Stack Hub 环境。Sign in to your Azure Stack Hub environment by using the az login command.可以用户身份或以服务主体的形式登录到 Azure Stack Hub 环境。You can sign in to the Azure Stack Hub environment either as a user or as a service principal.
以用户身份登录:Sign in as a user:
可以直接在 az login 命令中指定用户名和密码,或使用浏览器进行身份验证。You can either specify the username and password directly within the az login command, or authenticate by using a browser.如果帐户已启用多重身份验证,则必须采用后一种方法。You must do the latter if your account has multi-factor authentication enabled:
az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases> --profile "2019-03-01-hybrid"
备注
如果用户帐户已启用多重身份验证,请使用不带 -u 参数的 az login 命令。If your user account has multi-factor authentication enabled, use the az login command without providing the -u parameter.运行此命令会提供一个 URL 以及身份验证时必须使用的代码。Running this command gives you a URL and a code that you must use to authenticate.
以服务主体身份登录:Sign in as a service principal:
准备要用于服务主体登录的 .pem 文件。Prepare the .pem file to be used for service principal login.
在创建主体的客户端计算机上,使用位于 cert:\CurrentUser\My 的私钥将服务主体证书导出为 pfx。On the client machine where the principal was created, export the service principal certificate as a pfx with the private key located at cert:\CurrentUser\My.证书名称与主体名称相同。The cert name has the same name as the principal.
将 pfx 转换为 pem(使用 OpenSSL 实用工具)。Convert the pfx to pem (use the OpenSSL utility).
登录到 CLI:Sign in to the CLI:
az login --service-principal \
-u <Client ID from the Service Principal details> \
-p <Certificate's fully qualified name, such as, C:\certs\spn.pem>
--tenant <Tenant ID> \
--debug
测试连接Test the connectivity
完成所有设置后,使用 CLI 在 Azure Stack Hub 中创建资源。With everything set up, use CLI to create resources within Azure Stack Hub.例如,可以创建应用的资源组并添加 VM。For example, you can create a resource group for an app and add a VM.使用以下命令创建名为“MyResourceGroup”的资源组:Use the following command to create a resource group named "MyResourceGroup":
az group create -n MyResourceGroup -l local
如果成功创建了资源组,则上述命令会输出新建资源的以下属性:If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:
如果使用 Azure AD 作为标识管理服务,并在 Linux 计算机上使用 CLI,可以参考本部分完成 CLI 设置过程。This section walks you through setting up CLI if you're using Azure AD as your identity management service, and are using CLI on a Linux machine.
连接到 Azure Stack HubConnect to Azure Stack Hub
使用以下步骤连接到 Azure Stack Hub:Use the following steps to connect to Azure Stack Hub:
如果使用的是 ASDK,请信任 Azure Stack Hub CA 根证书。If you are using the ASDK, trust the Azure Stack Hub CA root certificate.有关说明,请参阅信任证书。For instruction, see Trust the certificate.
运行 az cloud register 命令注册 Azure Stack Hub 环境。Register your Azure Stack Hub environment by running the az cloud register command.
注册环境。Register your environment.在运行 az cloud register 时使用以下参数:Use the following parameters when running az cloud register:
值Value
示例Example
说明Description
环境名称Environment name
AzureStackUserAzureStackUser
对于用户环境,请使用 AzureStackUser。Use AzureStackUser for the user environment.如果你是操作员,请指定 AzureStackAdmin。If you're operator, specify AzureStackAdmin.
资源管理器终结点Resource Manager endpoint
https://management.local.azurestack.external
ASDK 中的 ResourceManagerUrl 为:https://management.local.azurestack.external/集成系统中的 ResourceManagerUrl 为:https://management.<region>.<fqdn>/ 如果对集成系统终结点有疑问,请与云操作员联系。The ResourceManagerUrl in the ASDK is: https://management.local.azurestack.external/ The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
local.azurestack.external 适用于 ASDK。local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
.vault.local.azurestack.external 适用于 ASDK。.vault.local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
设置活动的环境。Set the active environment.
az cloud set -n <environmentname>
将环境配置更新为使用 Azure Stack Hub 特定的 API 版本配置文件。Update your environment configuration to use the Azure Stack Hub specific API version profile.若要更新配置,请运行以下命令:To update the configuration, run the following command:
az cloud update --profile 2019-03-01-hybrid
备注
如果正在运行的 Azure Stack Hub 版本低于 1808 版,则必须使用 API 版本配置文件 2017-03-09-profile,而不是 API 版本配置文件 2019-03-01-hybrid。If you're running a version of Azure Stack Hub before the 1808 build, you must use the API version profile 2017-03-09-profile rather than the API version profile 2019-03-01-hybrid.还需要使用最新版本的 Azure CLI。You also need to use a recent version of the Azure CLI.
使用 az login 命令登录到 Azure Stack Hub 环境。Sign in to your Azure Stack Hub environment by using the az login command.可以用户身份或以服务主体的形式登录到 Azure Stack Hub 环境。You can sign in to the Azure Stack Hub environment either as a user or as a service principal.
以用户身份登录:Sign in as a user:
可以直接在 az login 命令中指定用户名和密码,或使用浏览器进行身份验证。You can either specify the username and password directly within the az login command, or authenticate by using a browser.如果帐户已启用多重身份验证,则必须采用后一种方法。You must do the latter if your account has multi-factor authentication enabled:
az login \
-u <Active directory global administrator or user account. For example: username@<aadtenant>.partner.onmschina.cn> \
--tenant <Azure Active Directory Tenant name. For example: myazurestack.partner.onmschina.cn>
备注
如果用户帐户已启用多重身份验证,则可以使用不带 -u 参数的 az login 命令。If your user account has multi-factor authentication enabled, you can use the az login command without providing the -u parameter.运行此命令会提供一个 URL 以及身份验证时必须使用的代码。Running this command gives you a URL and a code that you must use to authenticate.
az login \
--tenant <Azure Active Directory Tenant name. For example: myazurestack.partner.onmschina.cn> \
--service-principal \
-u <Application Id of the Service Principal> \
-p <Key generated for the Service Principal>
测试连接Test the connectivity
完成所有设置后,使用 CLI 在 Azure Stack Hub 中创建资源。With everything set up, use CLI to create resources within Azure Stack Hub.例如,可以创建应用的资源组并添加 VM。For example, you can create a resource group for an app and add a VM.使用以下命令创建名为“MyResourceGroup”的资源组:Use the following command to create a resource group named "MyResourceGroup":
az group create -n MyResourceGroup -l local
如果成功创建了资源组,则上述命令会输出新建资源的以下属性:If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:
如果使用 Active Directory 联合身份验证服务 (AD FS) 作为管理服务,并在 Linux 计算机上使用 CLI,可以参考本部分完成 CLI 设置过程。This section walks you through setting up CLI if you're using Active Directory Federated Services (AD FS) as your management service, and are using CLI on a Linux machine.
连接到 Azure Stack HubConnect to Azure Stack Hub
使用以下步骤连接到 Azure Stack Hub:Use the following steps to connect to Azure Stack Hub:
如果使用的是 ASDK,请信任 Azure Stack Hub CA 根证书。If you are using the ASDK, trust the Azure Stack Hub CA root certificate.有关说明,请参阅信任证书。For instruction, see Trust the certificate.
运行 az cloud register 命令注册 Azure Stack Hub 环境。Register your Azure Stack Hub environment by running the az cloud register command.
注册环境。Register your environment.在运行 az cloud register 时使用以下参数。Use the following parameters when running az cloud register.
值Value
示例Example
说明Description
环境名称Environment name
AzureStackUserAzureStackUser
对于用户环境,请使用 AzureStackUser。Use AzureStackUser for the user environment.如果你是操作员,请指定 AzureStackAdmin。If you're operator, specify AzureStackAdmin.
资源管理器终结点Resource Manager endpoint
https://management.local.azurestack.external
ASDK 中的 ResourceManagerUrl 为:https://management.local.azurestack.external/集成系统中的 ResourceManagerUrl 为:https://management.<region>.<fqdn>/ 如果对集成系统终结点有疑问,请与云操作员联系。The ResourceManagerUrl in the ASDK is: https://management.local.azurestack.external/ The ResourceManagerUrl in integrated systems is: https://management.<region>.<fqdn>/ If you have a question about the integrated system endpoint, contact your cloud operator.
local.azurestack.external 适用于 ASDK。local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
.vault.local.azurestack.external 适用于 ASDK。.vault.local.azurestack.external is for the ASDK.对于集成系统,请使用适用于系统的终结点。For an integrated system, use an endpoint for your system.
az cloud register -n <environmentname> --endpoint-resource-manager "https://management.local.azurestack.external" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".vault.local.azurestack.external" --endpoint-vm-image-alias-doc <URI of the document which contains VM image aliases>
设置活动的环境。Set the active environment.
az cloud set -n <environmentname>
将环境配置更新为使用 Azure Stack Hub 特定的 API 版本配置文件。Update your environment configuration to use the Azure Stack Hub specific API version profile.若要更新配置,请运行以下命令:To update the configuration, run the following command:
az cloud update --profile 2019-03-01-hybrid
备注
如果正在运行的 Azure Stack Hub 版本低于 1808 版,则必须使用 API 版本配置文件 2017-03-09-profile,而不是 API 版本配置文件 2019-03-01-hybrid。If you're running a version of Azure Stack Hub before the 1808 build, you must use the API version profile 2017-03-09-profile rather than the API version profile 2019-03-01-hybrid.还需要使用最新版本的 Azure CLI。You also need to use a recent version of the Azure CLI.
使用 az login 命令登录到 Azure Stack Hub 环境。Sign in to your Azure Stack Hub environment by using the az login command.可以用户身份或以服务主体的形式登录到 Azure Stack Hub 环境。You can sign in to the Azure Stack Hub environment either as a user or as a service principal.
登录:Sign in:
将 Web 浏览器与设备代码配合使用,以 用户 的身份登录:As a user using a web browser with a device code:
az login --use-device-code
备注
运行此命令会提供一个 URL 以及身份验证时必须使用的代码。Running the command gives you a URL and a code that you must use to authenticate.
以服务主体的身份:As a service principal:
准备要用于服务主体登录的 .pem 文件。Prepare the .pem file to be used for service principal login.
在创建主体的客户端计算机上,使用位于 cert:\CurrentUser\My 的私钥将服务主体证书导出为 pfx。On the client machine where the principal was created, export the service principal certificate as a pfx with the private key located at cert:\CurrentUser\My.证书名称与主体名称相同。The cert name has the same name as the principal.
将 pfx 转换为 pem(使用 OpenSSL 实用工具)。Convert the pfx to pem (use the OpenSSL utility).
登录到 CLI:Sign in to the CLI:
az login --service-principal \
-u <Client ID from the Service Principal details> \
-p <Certificate's fully qualified name, such as, C:\certs\spn.pem>
--tenant <Tenant ID> \
--debug
测试连接Test the connectivity
完成所有设置后,使用 CLI 在 Azure Stack Hub 中创建资源。With everything set up, use CLI to create resources within Azure Stack Hub.例如,可以创建应用的资源组并添加 VM。For example, you can create a resource group for an app and add a VM.使用以下命令创建名为“MyResourceGroup”的资源组:Use the following command to create a resource group named "MyResourceGroup":
az group create -n MyResourceGroup -l local
如果成功创建了资源组,则上述命令会输出新建资源的以下属性:If the resource group is created successfully, the previous command outputs the following properties of the newly created resource:
已知问题Known issues
在 Azure Stack Hub 中使用 CLI 时存在一些已知的问题:There are known issues when using CLI in Azure Stack Hub:
CLI 交互模式。The CLI interactive mode.例如,az interactive 命令在 Azure Stack Hub 中尚不受支持。For example, the az interactive command, isn't yet supported in Azure Stack Hub.
若要获取 Azure Stack Hub 中可用的 VM 映像列表,请使用 az vm image list --all 命令,而不是 az vm image list 命令。To get the list of VM images available in Azure Stack Hub, use the az vm image list --all command instead of the az vm image list command.指定 --all 选项可确保响应只返回 Azure Stack Hub 环境中可用的映像。Specifying the --all option ensures that the response returns only the images that are available in your Azure Stack Hub environment.
Azure 中可用的 VM 映像别名可能不适用于 Azure Stack Hub。VM image aliases that are available in Azure may not be applicable to Azure Stack Hub.使用 VM 映像时,必须使用整个 URN 参数 (Canonical:UbuntuServer:14.04.3-LTS:1.0.0),而不是映像别名。When using VM images, you must use the entire URN parameter (Canonical:UbuntuServer:14.04.3-LTS:1.0.0) instead of the image alias.此 URN 必须与派生自 az vm images list 命令的映像规范相匹配。This URN must match the image specifications as derived from the az vm images list command.