Create and manage Private Link for Azure Database for MySQL using CLI

A private endpoint is the fundamental building block for Private Link in Azure. It lets Azure resources, such as virtual machines (VMs), communicate privately with Private Link resources. In this article, you learn how to use the Azure CLI to create a VM in an Azure virtual network and an Azure Database for MySQL server with an Azure private endpoint, so that the VM reaches the database over the VNet's private address space instead of the server's public endpoint.

Note

The Private Link feature is only available for Azure Database for MySQL servers in the General Purpose or Memory Optimized pricing tiers. Make sure the database server is in one of these tiers (the GP_Gen5_2 SKU used below is a General Purpose SKU).

Prerequisites

This quickstart requires Azure CLI version 2.0.28 or later. To find the installed version, run az --version. See Install Azure CLI for installation or upgrade information.

Create a resource group

Before you can create any other resource, you need a resource group to host the virtual network. Create one with az group create. This example creates a resource group named myResourceGroup in the chinaeast2 location:

az group create --name myResourceGroup --location chinaeast2

Create a virtual network

Create a virtual network with az network vnet create. This example creates a virtual network named myVirtualNetwork with the default address space (10.0.0.0/16) and one subnet named mySubnet:

az network vnet create \
 --name myVirtualNetwork \
 --resource-group myResourceGroup \
 --subnet-name mySubnet

Disable subnet private endpoint policies

Azure deploys the private endpoint into a subnet of the virtual network, and a private endpoint can only be created in a subnet whose private endpoint network policies are disabled. Update the configuration of the mySubnet subnet with az network vnet subnet update:

az network vnet subnet update \
 --name mySubnet \
 --resource-group myResourceGroup \
 --vnet-name myVirtualNetwork \
 --disable-private-endpoint-network-policies true

Create the VM

Create a VM with az vm create. When prompted, provide a password to be used as the sign-in credential for the VM. This example creates a VM named myVm. Pass --vnet-name and --subnet explicitly so that the VM lands in mySubnet, the subnet that will also host the private endpoint; if they are omitted, az vm create may reuse another VNet in the resource group or create a new one. For a Windows image, az vm create also generates a network security group that allows RDP (TCP 3389) from any internet address, which the "Connect to a VM from the internet" section below relies on; tighten that rule to your own source address if the VM is kept beyond this walkthrough.

az vm create \
  --resource-group myResourceGroup \
  --name myVm \
  --image Win2019Datacenter \
  --vnet-name myVirtualNetwork \
  --subnet mySubnet

Note the public IP address of the VM. You will use it to connect to the VM from the internet in a later step.

Create an Azure Database for MySQL server

Create an Azure Database for MySQL server with the az mysql server create command. The server name must be unique across Azure, so replace mydemoserver with your own unique value, and replace the <server_admin_password> placeholder with a strong password of your own. The server is created with public network access enabled; once you have verified the private endpoint at the end of this article, you can restrict the server to private endpoint connections only with az mysql server update --public-network-access Disabled.

# Create a server in the resource group
az mysql server create \
  --name mydemoserver \
  --resource-group myResourceGroup \
  --location chinaeast2 \
  --admin-user mylogin \
  --admin-password <server_admin_password> \
  --sku-name GP_Gen5_2

Note

In some cases the Azure Database for MySQL server and the VNet subnet are in different subscriptions. In those cases you must ensure the following configuration:

  • Make sure both subscriptions have the Microsoft.DBforMySQL resource provider registered. For more information, see resource-manager-registration.

Create the private endpoint

Create a private endpoint for the MySQL server in your virtual network. The --private-connection-resource-id argument is the ARM resource ID of the server, looked up with az resource show, and the group ID mysqlServer selects the MySQL server sub-resource. Note that the trailing backslashes must be the last character on each line, otherwise the shell treats the command as finished:

az network private-endpoint create \
    --name myPrivateEndpoint \
    --resource-group myResourceGroup \
    --vnet-name myVirtualNetwork \
    --subnet mySubnet \
    --private-connection-resource-id $(az resource show -g myResourceGroup -n mydemoserver --resource-type "Microsoft.DBforMySQL/servers" --query "id" -o tsv) \
    --group-id mysqlServer \
    --connection-name myConnection

Configure the private DNS zone

Create a private DNS zone for the MySQL server domain and link it to the virtual network, then add an A record that maps the server's privatelink name to the private endpoint's IP address. With --registration-enabled false the zone is used for resolution only; the VMs in the VNet are not auto-registered in it.

az network private-dns zone create --resource-group myResourceGroup \
   --name "privatelink.mysql.database.chinacloudapi.cn"
az network private-dns link vnet create --resource-group myResourceGroup \
   --zone-name "privatelink.mysql.database.chinacloudapi.cn" \
   --name MyDNSLink \
   --virtual-network myVirtualNetwork \
   --registration-enabled false

# Query for the network interface ID of the private endpoint
networkInterfaceId=$(az network private-endpoint show --name myPrivateEndpoint --resource-group myResourceGroup --query 'networkInterfaces[0].id' -o tsv)

# Read the private IP address assigned to that interface (raw ARM JSON, hence the properties.* path)
privateIpAddress=$(az resource show --ids $networkInterfaceId --api-version 2019-04-01 --query 'properties.ipConfigurations[0].properties.privateIPAddress' -o tsv)
echo $privateIpAddress

# Create the DNS A record. The record name must equal the MySQL server name so that
# mydemoserver.privatelink.mysql.database.chinacloudapi.cn resolves to the private IP.
az network private-dns record-set a create --name mydemoserver --zone-name privatelink.mysql.database.chinacloudapi.cn --resource-group myResourceGroup
az network private-dns record-set a add-record --record-set-name mydemoserver --zone-name privatelink.mysql.database.chinacloudapi.cn --resource-group myResourceGroup -a $privateIpAddress

Note

The server's FQDN configured on the client does not resolve to the private IP by itself: a resolver that does not consult the private zone keeps returning the server's public address, and a client that uses such a resolver bypasses the private endpoint even though the endpoint exists. You must set up a private DNS zone for the configured FQDN and link it to the VNet, as shown here, and make sure the clients use a resolver that consults it.
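The checks a practitioner runs before trusting the private path, as an added example written for this article (it is not code from the page or from the Azure CLI): a small Python script that inspects the JSON printed by az network private-endpoint show, builds the az private-dns commands for the A record, and checks that an nslookup answer from the VM names the privatelink FQDN and points at an address inside mySubnet rather than the public address. The JSON field names (provisioningState, customDnsConfigs, privateLinkServiceConnections) are an assumption about that command's output reduced to the fields used, the function names are this example's own, and every sample input is constructed. Python is used because the checks run offline on captured output; with a real deployment, save the output with az network private-endpoint show -g myResourceGroup -n myPrivateEndpoint -o json and pass it in place of SAMPLE_PE.

```python
"""Offline checks for the private endpoint and private DNS setup.

Added example for this article (not from the page or the Azure CLI). Input is
the JSON of `az network private-endpoint show` (field names assumed, reduced to
the ones used) and the text `nslookup` prints on the VM. Samples are constructed.
"""
import ipaddress
import json
import re

PRIVATELINK_ZONE = "privatelink.mysql.database.chinacloudapi.cn"

# Constructed sample of `az network private-endpoint show -o json` (assumed shape).
SAMPLE_PE = json.dumps({
    "provisioningState": "Succeeded",
    "customDnsConfigs": [
        {"fqdn": "mydemoserver.mysql.database.chinacloudapi.cn",
         "ipAddresses": ["10.0.0.5"]}
    ],
    "privateLinkServiceConnections": [
        {"name": "myConnection", "groupIds": ["mysqlServer"],
         "privateLinkServiceConnectionState": {"status": "Approved"}}
    ],
})

# Constructed nslookup answers: one from the VM inside the VNet, one from a resolver
# that does not know the private zone (203.0.113.5 is a documentation address).
NSLOOKUP_PRIVATE = """Server:  UnKnown
Address:  168.63.129.16

Non-authoritative answer:
Name:    mydemoserver.privatelink.mysql.database.chinacloudapi.cn
Address:  10.0.0.5
"""
NSLOOKUP_PUBLIC = NSLOOKUP_PRIVATE.replace("10.0.0.5", "203.0.113.5")


def check_private_endpoint(pe_json, subnet_cidr, server_name):
    """Return the problems found in a private endpoint description.

    An empty list means the connection is approved, it targets the mysqlServer
    group of the expected server, and the assigned private IP lies inside the
    subnet the endpoint was placed in.
    """
    pe = json.loads(pe_json)
    problems = []
    if pe.get("provisioningState") != "Succeeded":
        problems.append("provisioningState is %s" % pe.get("provisioningState"))
    conns = pe.get("privateLinkServiceConnections", [])
    if not conns:
        problems.append("no private link service connection")
    for conn in conns:
        status = conn.get("privateLinkServiceConnectionState", {}).get("status")
        if status != "Approved":
            problems.append("connection %s is %s" % (conn.get("name"), status))
        if "mysqlServer" not in conn.get("groupIds", []):
            problems.append("connection %s does not target mysqlServer" % conn.get("name"))
    subnet = ipaddress.ip_network(subnet_cidr)
    configs = pe.get("customDnsConfigs", [])
    if not configs:
        problems.append("no private IP assigned")
    for cfg in configs:
        if not cfg.get("fqdn", "").startswith(server_name + "."):
            problems.append("fqdn %s is not the server %s" % (cfg.get("fqdn"), server_name))
        for ip in cfg.get("ipAddresses", []):
            if ipaddress.ip_address(ip) not in subnet:
                problems.append("private IP %s is outside %s" % (ip, subnet_cidr))
    return problems


def endpoint_private_ip(pe_json):
    """First private IP assigned to the endpoint, or None."""
    for cfg in json.loads(pe_json).get("customDnsConfigs", []):
        if cfg.get("ipAddresses"):
            return cfg["ipAddresses"][0]
    return None


def dns_record_commands(server_name, private_ip, resource_group):
    """az commands for the A record; the record name must equal the server name."""
    common = "--zone-name %s --resource-group %s" % (PRIVATELINK_ZONE, resource_group)
    return [
        "az network private-dns record-set a create --name %s %s" % (server_name, common),
        "az network private-dns record-set a add-record --record-set-name %s %s -a %s"
        % (server_name, common, private_ip),
    ]


def resolves_privately(nslookup_output, server_name, subnet_cidr):
    """True if nslookup answered for the privatelink name with an address in the subnet."""
    expected = "%s.%s" % (server_name, PRIVATELINK_ZONE)
    m = re.search(r"Name:\s*(\S+)\s+Address(?:es)?:\s*(\S+)", nslookup_output)
    if not m or m.group(1).lower() != expected.lower():
        return False
    return ipaddress.ip_address(m.group(2)) in ipaddress.ip_network(subnet_cidr)


if __name__ == "__main__":
    print("endpoint problems:", check_private_endpoint(SAMPLE_PE, "10.0.0.0/24", "mydemoserver") or "none")
    for cmd in dns_record_commands("mydemoserver", endpoint_private_ip(SAMPLE_PE), "myResourceGroup"):
        print(cmd)
    print("VM resolves privately:", resolves_privately(NSLOOKUP_PRIVATE, "mydemoserver", "10.0.0.0/24"))
    print("public resolver private:", resolves_privately(NSLOOKUP_PUBLIC, "mydemoserver", "10.0.0.0/24"))
```

The subnet passed to the checks is the one created with az network vnet create above (10.0.0.0/24 by default); a resolved address outside it means the client is talking to the public endpoint, which is exactly the case the note above warns about.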

Connect to a VM from the internet

Connect to the VM myVm from the internet as follows:

  1. In the portal's search bar, enter myVm.

  2. Select the Connect button. After selecting the Connect button, Connect to virtual machine opens.

  3. Select Download RDP File. Azure creates a Remote Desktop Protocol (.rdp) file and downloads it to your computer.

  4. Open the downloaded .rdp file.

    1. If prompted, select Connect.

    2. Enter the username and password you specified when creating the VM.

      Note

      You may need to select More choices > Use a different account to specify the credentials you entered when you created the VM.

  5. Select OK.

  6. You may receive a certificate warning during the sign-in process, because the VM's RDP listener uses a self-signed certificate. Confirm that the address in the warning is the public IP you noted earlier, then select Yes or Continue.

  7. Once the VM desktop appears, minimize it to go back to your local desktop.

Access the MySQL server privately from the VM

  1. In the Remote Desktop session on myVm, open PowerShell.

  2. Enter nslookup mydemoserver.privatelink.mysql.database.chinacloudapi.cn.

    You will receive a message similar to the following. 168.63.129.16 is the Azure-provided resolver, which consults the private zone linked to the VNet; the answer must be an address from the subnet that hosts the private endpoint, not the server's public address:

    Server:  UnKnown
    Address:  168.63.129.16
    Non-authoritative answer:
    Name:    mydemoserver.privatelink.mysql.database.chinacloudapi.cn
    Address:  10.1.3.4

  3. Test the private link connection to the MySQL server with any available client. The example below uses MySQL Workbench.

  4. In New connection, enter or select this information:

    Setting          Value
    Connection Name  A connection name of your choice.
    Hostname         mydemoserver.privatelink.mysql.database.chinacloudapi.cn
    Username         The admin user in the form username@servername, as provided when the MySQL server was created (mylogin@mydemoserver in this example).
    Password         The admin password provided when the MySQL server was created.

  5. Select Connect.

  6. Browse the databases from the left menu.

  7. (Optionally) Create or query information in the MySQL database.

  8. Close the remote desktop connection to myVm.

Clean up resources

When the resource group and all the resources in it are no longer needed, remove them with az group delete:

az group delete --name myResourceGroup --yes