使用 Azure SDK 部署云服务(外延支持)
本文介绍如何使用 Azure SDK 创建具有多个角色(WebRole 和 WorkerRole)和远程桌面协议 (RDP) 扩展的 Azure 云服务(外延支持)。 云服务(外延支持)是基于 Azure 资源管理器的 Azure 云服务部署模型。
先决条件
查看云服务(外延支持)的部署先决条件,并创建所需的资源。
部署云服务(外延支持)
使用该 SDK 部署云服务(外延支持):
安装 Azure 计算 SDK NuGet 包,并使用标准身份验证方法初始化客户端:
public class CustomLoginCredentials : ServiceClientCredentials { private string AuthenticationToken { get; set; } public override void InitializeServiceClient<T>(ServiceClient<T> client) { var authenticationContext = new AuthenticationContext("https://login.chinacloudapi.cn/{tenantID}"); var credential = new ClientCredential(clientId: "{clientID}", clientSecret: "{clientSecret}"); var result = authenticationContext.AcquireTokenAsync(resource: "https://management.core.chinacloudapi.cn/", clientCredential: credential); if (result == null) throw new InvalidOperationException("Failed to obtain the JWT token"); AuthenticationToken = result.Result.AccessToken; } public override async Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (request == null) throw new ArgumentNullException("request"); if (AuthenticationToken == null) throw new InvalidOperationException("Token Provider Cannot Be Null"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", AuthenticationToken); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); //request.Version = new Version(apiVersion); await base.ProcessHttpRequestAsync(request, cancellationToken); } } var creds = new CustomLoginCredentials(); m_subId = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID"); ResourceManagementClient m_ResourcesClient = new ResourceManagementClient(creds); NetworkManagementClient m_NrpClient = new NetworkManagementClient(creds); ComputeManagementClient m_CrpClient = new ComputeManagementClient(creds); StorageManagementClient m_SrpClient = new StorageManagementClient(creds); m_ResourcesClient.SubscriptionId = m_subId; m_NrpClient.SubscriptionId = m_subId; m_CrpClient.SubscriptionId = m_subId; m_SrpClient.SubscriptionId = m_subId;通过安装 Azure 资源管理器 NuGet 包来创建新的资源组:
var resourceGroups = m_ResourcesClient.ResourceGroups; var m_location = “China North”; var resourceGroupName = "ContosoRG";//provide existing resource group name, if created already var resourceGroup = new ResourceGroup(m_location); resourceGroup = await resourceGroups.CreateOrUpdateAsync(resourceGroupName, resourceGroup);创建存储帐户和容器,用于存储部署的包(.cspkg 或 .zip)文件和配置 (.cscfg) 文件。 安装 Azure 存储 NuGet 包。 如果使用的是现有存储帐户,则此步骤是可选的。 存储帐户名称必须是唯一的。
string storageAccountName = “ContosoSAS” var stoInput = new StorageAccountCreateParameters { Location = m_location, Kind = Microsoft.Azure.Management.Storage.Models.Kind.StorageV2, Sku = new Microsoft.Azure.Management.Storage.Models.Sku(SkuName.StandardRAGRS), }; StorageAccount storageAccountOutput = m_SrpClient.StorageAccounts.Create(rgName, storageAccountName, stoInput); bool created = false; while (!created) { Thread.Sleep(600); var stos = m_SrpClient.StorageAccounts.ListByResourceGroup(rgName); created = stos.Any( t => StringComparer.OrdinalIgnoreCase.Equals(t.Name, storageAccountName)); } StorageAccount storageAccountOutput = m_SrpClient.StorageAccounts.GetProperties(rgName, storageAccountName);. var accountKeyResult = m_SrpClient.StorageAccounts.ListKeysWithHttpMessagesAsync(rgName, storageAccountName).Result; CloudStorageAccount storageAccount = new CloudStorageAccount(new StorageCredentials(storageAccountName, accountKeyResult.Body.Keys.FirstOrDefault(). Value), useHttps: true); var blobClient = storageAccount.CreateCloudBlobClient(); CloudBlobContainer container = blobClient.GetContainerReference("sascontainer"); container.CreateIfNotExistsAsync().Wait(); sharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy(); sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddDays(-1); sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(2); sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write;将包(.cspkg 或 .zip)文件上传到存储帐户。 包 URL 可以是任何存储帐户的共享访问签名 (SAS) URI。
CloudBlockBlob cspkgblockBlob = container.GetBlockBlobReference(“ContosoApp.cspkg”); cspkgblockBlob.UploadFromFileAsync(“./ContosoApp/ContosoApp.cspkg”). Wait(); //Generate the shared access signature on the blob, setting the constraints directly on the signature. string cspkgsasContainerToken = cspkgblockBlob.GetSharedAccessSignature(sasConstraints); //Return the URI string for the container, including the SAS token. string cspkgSASUrl = cspkgblockBlob.Uri + cspkgsasContainerToken;将配置 (.cscfg) 文件上传到存储帐户。 将服务配置指定为字符串 XML 或 URL 格式。
CloudBlockBlob cscfgblockBlob = container.GetBlockBlobReference(“ContosoApp.cscfg”); cscfgblockBlob.UploadFromFileAsync(“./ContosoApp/ContosoApp.cscfg”). Wait(); //Generate the shared access signature on the blob, setting the constraints directly on the signature. string sasCscfgContainerToken = cscfgblockBlob.GetSharedAccessSignature(sasConstraints); //Return the URI string for the container, including the SAS token. string cscfgSASUrl = cscfgblockBlob.Uri + sasCscfgContainerToken;创建虚拟网络和子网。 安装 Azure 网络 NuGet 包。 如果使用的是现有网络和子网,则此步骤是可选的。
VirtualNetwork vnet = new VirtualNetwork(name: vnetName) { AddressSpace = new AddressSpace { AddressPrefixes = new List<string> { "10.0.0.0/16" } }, Subnets = new List<Subnet> { new Subnet(name: subnetName) { AddressPrefix = "10.0.0.0/24" } }, Location = m_location }; m_NrpClient.VirtualNetworks.CreateOrUpdate(resourceGroupName, “ContosoVNet”, vnet);创建公共 IP 地址,并设置公共 IP 地址的 DNS 标签属性。 云服务(外延支持)仅支持基本 SKU 公共 IP 地址。 标准 SKU 公共 IP 地址不适用于云服务(外延支持)。
如果使用静态 IP 地址,则必须将其引用为配置 (.cscfg) 文件中的保留 IP 地址。
PublicIPAddress publicIPAddressParams = new PublicIPAddress(name: “ContosIp”) { Location = m_location, PublicIPAllocationMethod = IPAllocationMethod.Dynamic, DnsSettings = new PublicIPAddressDnsSettings() { DomainNameLabel = “contosoappdns” } }; PublicIPAddress publicIpAddress = m_NrpClient.PublicIPAddresses.CreateOrUpdate(resourceGroupName, publicIPAddressName, publicIPAddressParams);创建网络配置文件对象,并将公共 IP 地址与负载均衡器的前端相关联。 Azure 平台会自动创建与部署位于同一订阅的“经典”SKU 负载均衡器资源。 负载均衡器资源在 Azure 资源管理器中是只读的。 只能通过云服务(外延支持)配置 (.cscfg) 文件和定义 (.csdef) 文件更新资源。
LoadBalancerFrontendIPConfiguration feipConfiguration = new LoadBalancerFrontendIPConfiguration() { Name = “ContosoFe”, Properties = new LoadBalancerFrontendIPConfigurationProperties() { PublicIPAddress = new CM.SubResource() { Id = $"/subscriptions/{m_subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPAddresses/{publicIPAddressName}", } } }; CloudServiceNetworkProfile cloudServiceNetworkProfile = new CloudServiceNetworkProfile() { LoadBalancerConfigurations = new List<LoadBalancerConfiguration>() { new LoadBalancerConfiguration() { Name = 'ContosoLB', Properties = new LoadBalancerConfigurationProperties() { FrontendIPConfigurations = new List<LoadBalancerFrontendIPConfiguration>() { feipConfig } } } } };创建密钥保管库。 此密钥保管库可存储与云服务(外延支持)角色关联的证书。 该密钥保管库必须位于云服务(外延支持)资源所在的同一区域和订阅中,并且名称必须唯一。 有关详细信息,请查看在云服务(外延支持)中使用证书。
New-AzKeyVault -Name "ContosKeyVault” -ResourceGroupName “ContosoOrg” -Location “China North”更新密钥保管库的访问策略,并向你的用户帐户授予证书权限:
Set-AzKeyVaultAccessPolicy -VaultName 'ContosKeyVault' -ResourceGroupName 'ContosoOrg' -UserPrincipalName 'user@domain.com' -PermissionsToCertificates create,get,list,delete或者,通过对象 ID(可通过运行
Get-AzADUser来获取)设置访问策略:Set-AzKeyVaultAccessPolicy -VaultName 'ContosKeyVault' -ResourceGroupName 'ContosOrg' -ObjectId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' -PermissionsToCertificates create,get,list,delete以下示例将自签名证书添加到了密钥保管库。 必须在云服务(扩展支持)角色的配置 (.cscfg) 文件中添加证书指纹。
$Policy = New-AzKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" - SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal Add-AzKeyVaultCertificate -VaultName "ContosKeyVault" -Name "ContosCert" -CertificatePolicy $Policy创建 OS 配置文件对象。 OS 配置文件指定与云服务(外延支持)角色关联的证书。 使用在上一步中创建的同一证书。
CloudServiceOsProfile cloudServiceOsProfile = new CloudServiceOsProfile { Secrets = new List<CloudServiceVaultSecretGroup> { New CloudServiceVaultSecretGroup { SourceVault = <sourceVault>, VaultCertificates = <vaultCertificates> } } };创建角色配置文件对象。 角色配置文件定义 SKU 的角色特定的属性,例如名称、容量和层级。
本示例定义了两个角色:ContosoFrontend 和 ContosoBackend。 角色配置文件信息必须与配置 (.cscfg) 文件和定义 (.cscfg) 文件中定义的角色匹配。
CloudServiceRoleProfile cloudServiceRoleProfile = new CloudServiceRoleProfile() { Roles = new List<CloudServiceRoleProfileProperties>(); // foreach role in cloudService roles.Add(new CloudServiceRoleProfileProperties() { Name = 'ContosoFrontend', Sku = new CloudServiceRoleSku { Name = 'Standard_D1_v2', Capacity = 2, Tier = 'Standard' } ); roles.Add(new CloudServiceRoleProfileProperties() { Name = 'ContosoBackend', Sku = new CloudServiceRoleSku { Name = 'Standard_D1_v2', Capacity = 2, Tier = 'Standard' } ); } }(可选)创建要添加到云服务(外延支持)部署的扩展配置文件对象。 此示例添加了远程桌面协议 (RDP) 扩展:
string rdpExtensionPublicConfig = "<PublicConfig>" + "<UserName>adminRdpTest</UserName>" + "<Expiration>2021-10-27T23:59:59</Expiration>" + "</PublicConfig>"; string rdpExtensionPrivateConfig = "<PrivateConfig>" + "<Password>VsmrdpTest!</Password>" + "</PrivateConfig>"; Extension rdpExtension = new Extension { Name = name, Properties = new CloudServiceExtensionProperties { Publisher = "Microsoft.Windows.Azure.Extensions", Type = "RDP", TypeHandlerVersion = "1.2.1", AutoUpgradeMinorVersion = true, Settings = rdpExtensionPublicConfig, ProtectedSettings = rdpExtensionPrivateConfig, RolesAppliedTo = [“*”], } }; CloudServiceExtensionProfile cloudServiceExtensionProfile = new CloudServiceExtensionProfile { Extensions = rdpExtension };创建云服务(外延支持)部署:
CloudService cloudService = new CloudService { Properties = new CloudServiceProperties { RoleProfile = cloudServiceRoleProfile Configuration = < Add Cscfg xml content here>, // ConfigurationUrl = <Add your configuration URL here>, PackageUrl = <Add cspkg SAS url here>, ExtensionProfile = cloudServiceExtensionProfile, OsProfile= cloudServiceOsProfile, NetworkProfile = cloudServiceNetworkProfile, UpgradeMode = 'Auto' }, Location = m_location }; CloudService createOrUpdateResponse = m_CrpClient.CloudServices.CreateOrUpdate(“ContosOrg”, “ContosoCS”, cloudService);
相关内容
- 请参阅云服务(外延支持)的常见问题解答。
- 使用 Azure 门户、Azure PowerShell、ARM 模板或 Visual Studio 部署云服务(外延支持)。
- 访问云服务(外延支持)示例存储库。