将“VNet 注入”预览版工作区升级到正式发行版 Upgrade your VNet Injection preview workspace to GA

将 Azure Databricks 工作区部署到自己的 Azure 虚拟网络(有时称为 VNet 注入)这一功能现已从预览版升级为正式版,因此应在 2020 年 3 月 31 日前将预览工作区升级到正式发布版。With the ability to deploy an Azure Databricks workspace in your own Azure Virtual Network (sometimes called VNet injection ) now transitioned from preview to general availability, you should upgrade your preview workspace to the GA version by March 31, 2020. 如果不升级会导致工作区功能丢失。Failure to upgrade will result in loss of workspace functionality. 2020 年 6 月 1 日之后,你将无法访问你的工作区。After June 1, 2020, you will not have any access to your workspace.

重要

如果你在 6 月 1 日之前没有升级工作区,则将无法访问工作区。If you have not upgraded your workspace by June 1st, you will not have access to your workspace. 6 月 1 日之后,请遵循升级步骤,然后开具支持工单以重新获取对工作区的访问权限。After June 1st, follow the upgrade steps and then open a support ticket to regain access to your workspace.

在 VNet 注入的正式发布版中,与预览版不同,Azure Databricks 管理 Azure Databricks 部署所需的所有网络安全组 (NSG) 规则。In the GA version of VNet injection, unlike the preview version, Azure Databricks manages all network security group (NSG) rules that are required by the Azure Databricks deployment. 因此,升级过程涉及将公共子网和专用子网委派给 Microsoft.Databricks/workspaces 服务,从而允许 Azure Databricks 维护那些网络安全组规则。For this reason, the upgrade process involves delegating your public and private subnets to the Microsoft.Databricks/workspaces service, which allows Azure Databricks to maintain those network security group rules. 此委派不会授予 Azure Databricks 任何权限来更新你可以自行添加到子网的网络安全组规则。This delegation does not give Azure Databricks any rights to update network security group rules you may add to the subnets yourself.

此过程不会干扰现有的 Azure Databricks 群集或正在运行的作业,并且不会对 Azure Databricks 工作区进行任何可见的更改。This process will not interfere with your existing Azure Databricks clusters or running jobs, and will make no visible changes to your Azure Databricks workspace.

要求Requirements

必须具有以下权限:Microsoft.Network/virtualNetworks/subnets/writeYou must have the following permission: Microsoft.Network/virtualNetworks/subnets/write. 默认情况下,拥有“所有者”或“参与者”角色的用户具有此权限。Users with the Owner or Contributor role have this permission by default. 若要了解如何分配此权限,请参阅权限To learn how to assign this permission, see Permissions.

使用 Azure CLI 进行升级Upgrade using Azure CLI

  1. 登录 Azure CLI。Log in to the Azure CLI.

    az login
    
  2. 设置环境变量。Set environment variables.

    subscriptionId=<Your Subscription ID>
    vnetName=<Your Virtual Network’s Name>
    rgName=<Your Virtual Network’s Resource Group>
    publicSubnetName=<Name of Your Virtual Network’s Public Subnet>
    privateSubnetName=<Name of Your Virtual Network’s Private Subnet>
    delegation='Microsoft.Databricks/workspaces'
    
  3. 将公共子网委托给 Azure Databricks。Delegate the public subnet to Azure Databricks.

    az network vnet subnet update --subscription $subscriptionId --resource-group $rgName --vnet-name $vnetName --name $publicSubnetName --delegation $delegation
    
  4. 将专用子网委托给 Azure Databricks。Delegate the private subnet to Azure Databricks.

    az network vnet subnet update --subscription $subscriptionId --resource-group $rgName --vnet-name $vnetName --name $privateSubnetName --delegation $delegation
    

使用 PowerShell 进行升级Upgrade using powershell

  1. 安装网络模块。Install the networking module.

    Install-Module -Name Az.Network -AllowClobber -Force
    
  2. 设置环境变量。Set environment variables.

    $subscriptionId = <Your Subscription ID>
    $vnetName = <Your Virtual Network Name>
    $rgname = <Your Virtual Network's Resource Group>
    $delegation = 'Microsoft.Databricks/workspaces'
    $publicSubnetName = <Name of Your Virtual Network’s Public Subnet>
    $privateSubnetName = <Name of Your Virtual Network’s Private Subnet>
    
  3. 在 shell 中设置订阅。Set the subscription in your shell.

    Select-AzSubscription -SubscriptionId $subscriptionId
    
  4. 检索虚拟网络和相应的子网。Retrieve your virtual network and corresponding subnets.

    $vNet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgname
    $publicSubnet = Get-AzVirtualNetworkSubnetConfig -name $publicSubnetName -VirtualNetwork $vNet
    $privateSubnet = Get-AzVirtualNetworkSubnetConfig -name $privateSubnetName -VirtualNetwork $vNet
    
  5. 创建到 Azure Databricks 的新委派。Create a new delegation to Azure Databricks.

    $delegation = New-AzDelegation -Name adbDelegation -ServiceName "Microsoft.Databricks/workspaces"
    
  6. 将公用和专用子网设置为新委派并更新虚拟网络。Set your public and private subnets to the new delegation and update the virtual network.

    Set-AzVirtualNetworkSubnetConfig -Name $publicSubnet.Name -VirtualNetwork $vNet -Delegation $delegation -AddressPrefix $publicSubnet.AddressPrefix
    
    Set-AzVirtualNetworkSubnetConfig -Name $privateSubnet.Name -VirtualNetwork $vNet -Delegation $delegation -AddressPrefix $privateSubnet.AddressPrefix
    
    Set-AzVirtualNetwork -VirtualNetwork $vNet
    

使用 Azure 门户进行升级Upgrade using the Azure portal

  1. 在 Azure 门户中,导航到部署了 Azure Databricks 工作区的虚拟网络。In the Azure portal, navigate to the virtual network where your Azure Databricks workspace is deployed. 请参阅查看虚拟网络和设置See View virtual networks and settings.

    虚拟网络设置Virtual network settings

  2. 在左侧菜单中,单击“子网”。In the left menu, click Subnets. 你将看到显示的专用和公共子网信息。You’ll see your private and public subnet information displayed.

    子网Subnets

  3. 单击公共子网行,转到“子网委派”下拉列表并选择“Microsoft.Databricks/workspaces”服务 。Click the public subnet row, go to the Subnet delegation dropdown, and select the Microsoft.Databricks/workspaces service.

    子网委派Subnet delegation

    有关子网委派的详细信息,请参阅添加或删除子网委派For more information about subnet delegation, see Add or remove a subnet delegation.

  4. 对专用子网重复子网委派。Repeat the subnet delegation for the private subnet.

  5. 保存所做更改。Save your changes.

使用 Azure 资源管理器模板进行升级Upgrade using Azure Resource Manager templates

重要

如果在预览期间使用 Azure 资源管理器 (ARM) 模板将 Azure Databricks 工作区部署到自己的虚拟网络,并且想要继续使用 Azure 资源管理器模板来创建虚拟网络和部署工作区,则应使用“升级的 Azure 资源管理器模板”。If you used Azure Resource Manager (ARM) templates to deploy a Azure Databricks workspace to your own virtual network during the preview, and you want to continue to use Azure Resource Manager templates to create virtual networks and deploy workspaces, you should use the upgraded Azure Resource Manager templates. 请参阅配置虚拟网络See Configure the virtual network.

升级后的步骤Post-upgrade steps

完成子网委派后,Azure Databricks 将在 24 小时内完成工作区升级。Once you have completed the subnet delegation, Azure Databricks will complete your workspace upgrade within 24 hours. 升级完成后,应会在附加到公共和专用子网的网络安全组中看到一组新的网络安全规则When your upgrade is complete, you should see a new set of network security rules in the network security group attached to your public and private subnets. 其中每个规则名称都以前缀 Microsoft.Databricks-workspaces 开头。Each of these rule names starts with the prefix Microsoft.Databricks-workspaces. 任何以前缀 databricks 开头的规则不再是必需的,应使用以下过程删除:Any rules that begin with the prefix databricks are no longer necessary, and you should delete them using the following procedure:

  1. 在 Azure 门户中,导航到部署了 Azure Databricks 工作区的虚拟网络。In the Azure portal, navigate to the virtual network where your Azure Databricks workspace is deployed. 请参阅查看虚拟网络和设置See View virtual networks and settings.

    虚拟网络设置Virtual network settings

  2. 在左侧菜单中,单击“子网”,然后复制专用子网和公共子网的网络安全组的名称。In the left menu, click Subnets , and copy the name of the network security group for both your private and public subnets.

    子网Subnets

  3. 将公共子网的网络安全组名称粘贴到搜索栏中,以打开“网络安全组概述”页。Paste the public subnet’s network security group name into the Search bar to open the Network security group Overview page.

  4. 在“概述”页上,找到所有以“databricks”开头的入站和出站规则并删除它们。On the Overview page, find all inbound and outbound rules that start with “databricks” and delete them.

    网络安全组概述Network security group overview

  5. 对专用子网重复前两个步骤。Repeat the previous two steps for the private subnet.