CLI 示例:在用户订阅模式下创建 Batch 帐户CLI example: Create a Batch account in user subscription mode

此脚本在用户订阅模式下创建 Azure Batch 帐户。This script creates an Azure Batch account in user subscription mode. 必须通过 Azure Active Directory 令牌对那些将计算节点分配到订阅中的帐户进行身份验证。An account that allocates compute nodes into your subscription must be authenticated via an Azure Active Directory token. 计算节点将计数分配到订阅的 vCPU(核心)配额。The compute nodes allocated count toward your subscription's vCPU (core) quota.

备注

在 Azure China 中使用 Azure CLI 2.0 之前,请首先运行 az cloud set -n AzureChinaCloud 更改云环境。Before you can use Azure CLI 2.0 in Azure China, please run az cloud set -n AzureChinaCloud first to change the cloud environment. 如果要切换回全局 Azure,请再次运行 az cloud set -n AzureCloudIf you want to switch back to Global Azure, run az cloud set -n AzureCloud again.

如果选择在本地安装并使用 CLI,本文要求运行 Azure CLI 2.0.20 或更高版本。When you choose to install and use the CLI locally, this article requires that you are running the Azure CLI version 2.0.20 or later. 运行 az --version 即可查找版本。Run az --version to find the version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

示例脚本Example script

#!/bin/bash

# Allow Azure Batch to access the subscription (one-time operation).
az role assignment create \
    --assignee MicrosoftAzureBatch \
    --role contributor

# Create a resource group.
az group create --name myResourceGroup --location chinanorth

# Create an Azure Key Vault. A Batch account that allocates pools in the user's subscription 
# must be configured with a Key Vault located in the same region. 
az keyvault create \
    --resource-group myResourceGroup \
    --name mykevault \
    --location chinanorth \
    --enabled-for-deployment true \
    --enabled-for-disk-encryption true \
    --enabled-for-template-deployment true

# Add an access policy to the Key Vault to allow access by the Batch Service.
az keyvault set-policy \
    --resource-group myResourceGroup \
    --name mykevault \
    --spn ddbf3205-c6bd-46ae-8127-60eb93363864 \
    --key-permissions all \
    --secret-permissions all

# Create the Batch account, referencing the Key Vault either by name (if they
# exist in the same resource group) or by its full resource ID.
az batch account create \
    --resource-group myResourceGroup \
    --name mybatchaccount \
    --location chinanorth \
    --keyvault mykevault

# Authenticate directly against the account for further CLI interaction.
# Batch accounts that allocate pools in the user's subscription must be
# authenticated via an Azure Active Directory token.
az batch account login -g myResourceGroup -n mybatchaccount

清理部署Clean up deployment

运行以下命令以删除资源组及其相关的所有资源。Run the following command to remove the resource group and all resources associated with it.

az group delete --name myResourceGroup

脚本说明Script explanation

此脚本使用以下命令。This script uses the following commands. 表中的每条命令均链接到特定于命令的文档。Each command in the table links to command-specific documentation.

CommandCommand 说明Notes
az role assignment createaz role assignment create 为用户、组或服务主体创建新的角色分配。Create a new role assignment for a user, group, or service principal.
az group createaz group create 创建用于存储所有资源的资源组。Creates a resource group in which all resources are stored.
az keyvault createaz keyvault create 创建密钥保管库。Creates a key vault.
az keyvault set-policyaz keyvault set-policy 更新指定 Key Vault 的安全策略。Update the security policy of the specified key vault.
az batch account createaz batch account create 创建批处理帐户。Creates the Batch account.
az batch account loginaz batch account login 针对指定的批处理帐户进行身份验证,以便进一步进行 CLI 交互。Authenticates against the specified Batch account for further CLI interaction.
az group deleteaz group delete 删除资源组,包括所有嵌套的资源。Deletes a resource group including all nested resources.

后续步骤Next steps

有关 Azure CLI 的详细信息,请参阅 Azure CLI 文档For more information on the Azure CLI, see Azure CLI documentation.