Create and manage Azure Database for MySQL firewall rules by using the Azure CLI

Note

You are viewing the new service of Azure Database for MySQL. To view the documentation for classic MySQL Database for Azure, please visit this page.

Server-level firewall rules can be used to manage access to an Azure Database for MySQL server from a specific IP address or a range of IP addresses. Using Azure CLI commands, you can create, update, delete, list, and show firewall rules to manage your server. For an overview of Azure Database for MySQL firewalls, see Azure Database for MySQL server firewall rules.

Virtual Network (VNet) rules can also be used to secure access to your server. Learn more about creating and managing Virtual Network service endpoints and rules using the Azure CLI.

Prerequisites

Firewall rule commands:

The az mysql server firewall-rule command is used from the Azure CLI to create, delete, list, show, and update firewall rules.

Commands:

  • create: Create an Azure MySQL server firewall rule.
  • delete: Delete an Azure MySQL server firewall rule.
  • list: List the Azure MySQL server firewall rules.
  • show: Show the details of an Azure MySQL server firewall rule.
  • update: Update an Azure MySQL server firewall rule.

Sign in to Azure and list your Azure Database for MySQL servers

Securely connect Azure CLI with your Azure account by using the az login command.

  1. From the command line, run the following command:

    az login

    This command outputs a code to use in the next step.

  2. Use a web browser to open the page https://aka.ms/devicelogin, and then enter the code.

  3. At the prompt, sign in using your Azure credentials.

  4. After your login is authorized, a list of subscriptions is printed in the console. Copy the ID of the desired subscription to set the current subscription to use. Use the az account set command.

    az account set --subscription <your subscription id>

  5. List the Azure Database for MySQL servers for your subscription and resource group if you are unsure of the names. Use the az mysql server list command.

    az mysql server list --resource-group myresourcegroup

    Note the name attribute in the listing, which you need to specify the MySQL server to work on. If needed, confirm the details for that server by using the name attribute to ensure it is correct. Use the az mysql server show command.

    az mysql server show --resource-group myresourcegroup --name mydemoserver

List firewall rules on Azure Database for MySQL server

Using the server name and the resource group name, list the existing server firewall rules on the server. Use the az mysql server firewall-rule list command. Notice that the server name attribute is specified in the --server-name switch and not in the --name switch.

    az mysql server firewall-rule list --resource-group myresourcegroup --server-name mydemoserver

The output lists the rules, if any, in JSON format (by default). You can use the --output table switch to output the results in a more readable table format.

    az mysql server firewall-rule list --resource-group myresourcegroup --server-name mydemoserver --output table

Create a firewall rule on Azure Database for MySQL server

Using the Azure MySQL server name and the resource group name, create a new firewall rule on the server. Use the az mysql server firewall-rule create command. Provide a name for the rule, as well as the start IP and end IP (to provide access to a range of IP addresses) for the rule.

    az mysql server firewall-rule create --resource-group myresourcegroup --server-name mydemoserver --name FirewallRule1 --start-ip-address 13.83.152.0 --end-ip-address 13.83.152.15

To allow access for a single IP address, provide the same IP address as the start IP and end IP, as in this example.

    az mysql server firewall-rule create --resource-group myresourcegroup --server-name mydemoserver --name FirewallRule1 --start-ip-address 1.1.1.1 --end-ip-address 1.1.1.1

To allow applications from Azure IP addresses to connect to your Azure Database for MySQL server, provide the IP address 0.0.0.0 as the start IP and end IP, as in this example.

    az mysql server firewall-rule create --resource-group myresourcegroup --server mysql --name "AllowAllWindowsAzureIps" --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0

Important

This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. When selecting this option, make sure your login and user permissions limit access to only authorized users.

Upon success, each create command output lists the details of the firewall rule you have created, in JSON format (by default). If there is a failure, the output shows error message text instead.
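
An added example, not part of the original article: a POSIX shell filter that reviews the rules returned by the list command and flags the 0.0.0.0 allow-all-Azure rule described above, along with unusually wide ranges. The `MAX_ADDRS` threshold, the verdict labels and the `WideRange` sample rule are assumptions made for illustration; the sample input is constructed.

```shell
#!/bin/sh
# Audit server-level firewall rules for overly broad ranges.
# Input (stdin): one rule per line as "name<TAB>startIp<TAB>endIp", e.g. from
#   az mysql server firewall-rule list --resource-group myresourcegroup \
#     --server-name mydemoserver \
#     --query "[].[name, startIpAddress, endIpAddress]" --output tsv
# MAX_ADDRS is a hypothetical review threshold, not an Azure limit.
MAX_ADDRS="${MAX_ADDRS:-256}"

audit_fw_rules() {
  awk -F '\t' -v max="$MAX_ADDRS" '
    # Convert a dotted-quad IPv4 address to an integer.
    function ip2int(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    NF >= 3 {
      n = ip2int($3) - ip2int($2) + 1     # number of addresses in the range
      if ($2 == "0.0.0.0" && $3 == "0.0.0.0")
        verdict = "ALLOW_ALL_AZURE"       # all Azure sources, other customers included
      else if ($2 == "0.0.0.0" && $3 == "255.255.255.255")
        verdict = "ALLOW_ALL_INTERNET"    # every IPv4 address
      else if (n < 1)
        verdict = "INVALID_RANGE"         # end address is below start address
      else if (n > max)
        verdict = "WIDE_RANGE"            # larger than the review threshold
      else
        verdict = "OK"
      # Output columns: name, range, address count, verdict
      printf "%s\t%s-%s\t%.0f\t%s\n", $1, $2, $3, n, verdict
    }'
}

# Constructed sample input (not real CLI output). The first two rule names
# come from this article; WideRange is a made-up rule for illustration.
sample_rules() {
  printf 'FirewallRule1\t13.83.152.0\t13.83.152.15\n'
  printf 'AllowAllWindowsAzureIps\t0.0.0.0\t0.0.0.0\n'
  printf 'WideRange\t198.18.0.0\t198.18.255.255\n'
}

sample_rules | audit_fw_rules
```

To audit a live server, pipe the `az` command shown in the header comment into `audit_fw_rules` instead of `sample_rules`.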

Update a firewall rule on Azure Database for MySQL server

Using the Azure MySQL server name and the resource group name, update an existing firewall rule on the server. Use the az mysql server firewall-rule update command. Provide the name of the existing firewall rule as input, as well as the start IP and end IP attributes to update.

    az mysql server firewall-rule update --resource-group myresourcegroup --server-name mydemoserver --name FirewallRule1 --start-ip-address 13.83.152.0 --end-ip-address 13.83.152.1

Upon success, the command output lists the details of the firewall rule you have updated, in JSON format (by default). If there is a failure, the output shows error message text instead.

Note

If the firewall rule does not exist, the rule is created by the update command.

Show firewall rule details on Azure Database for MySQL server

Using the Azure MySQL server name and the resource group name, show the existing firewall rule details from the server. Use the az mysql server firewall-rule show command. Provide the name of the existing firewall rule as input.

    az mysql server firewall-rule show --resource-group myresourcegroup --server-name mydemoserver --name FirewallRule1

Upon success, the command output lists the details of the firewall rule you have specified, in JSON format (by default). If there is a failure, the output shows error message text instead.

Delete a firewall rule on Azure Database for MySQL server

Using the Azure MySQL server name and the resource group name, remove an existing firewall rule from the server. Use the az mysql server firewall-rule delete command. Provide the name of the existing firewall rule.

    az mysql server firewall-rule delete --resource-group myresourcegroup --server-name mydemoserver --name FirewallRule1

Upon success, there is no output. Upon failure, error message text displays.

Next steps