Using Azure PowerShell with Azure Storage

Azure PowerShell is used to create and manage Azure resources from the PowerShell command line or in scripts. For Azure Storage, these cmdlets fall into two categories -- the control plane and the data plane. The control plane cmdlets are used to manage the storage account -- to create storage accounts, set properties, delete storage accounts, rotate the access keys, and so on. The data plane cmdlets are used to manage the data stored in the storage account. For example, uploading blobs, creating file shares, and adding messages to a queue.

This how-to article covers common operations using the management plane cmdlets to manage storage accounts. You learn how to:

  • List storage accounts
  • Get a reference to an existing storage account
  • Create a storage account
  • Set storage account properties
  • Retrieve and regenerate the access keys
  • Protect access to your storage account
  • Enable Storage Analytics

This article provides links to several other PowerShell articles for Storage, such as how to enable and access the Storage Analytics, how to use the data plane cmdlets, and how to access the Azure independent clouds such as China Cloud, German Cloud, and Government Cloud.

If you don't have an Azure subscription, create a 1 RMB trial account before you begin.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

This exercise requires the Azure PowerShell module Az version 0.7 or later. Run Get-Module -ListAvailable Az to find the version. If you need to install or upgrade, see Install Azure PowerShell module.

For this exercise, you can type the commands into a regular PowerShell window, or you can use the Windows PowerShell Integrated Scripting Environment (ISE) and type the commands into an editor, then test one or more commands at a time as you go through the examples. You can highlight the rows you want to execute and click Run Selected to just run those commands.

For more information about storage accounts, see Introduction to Storage and About Azure storage accounts.

Sign in to Azure

Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions.

Connect-AzAccount -EnvironmentName AzureChinaCloud

List the storage accounts in the subscription

Run the Get-AzStorageAccount cmdlet to retrieve the list of storage accounts in the current subscription.

Get-AzStorageAccount | Select StorageAccountName, Location

Get a reference to a storage account

Next, you need a reference to a storage account. You can either create a new storage account or get a reference to an existing storage account. The following section shows both methods.

Use an existing storage account

To retrieve an existing storage account, you need the name of the resource group and the name of the storage account. Set the variables for those two fields, then use the Get-AzStorageAccount cmdlet.

$resourceGroup = "myexistingresourcegroup"
$storageAccountName = "myexistingstorageaccount"

$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName

Now you have $storageAccount, which points to an existing storage account.

Create a storage account

The following script shows how to create a general-purpose storage account using New-AzStorageAccount. After you create the account, retrieve its context, which can be used in subsequent commands rather than specifying the authentication with each call.

# Get list of locations and select one.
Get-AzLocation | select Location
$location = "chinanorth"

# Create a new resource group.
$resourceGroup = "teststoragerg"
New-AzResourceGroup -Name $resourceGroup -Location $location

# Set the name of the storage account and the SKU name.
$storageAccountName = "testpshstorage"
$skuName = "Standard_LRS"

# Create the storage account.
$storageAccount = New-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -Location $location `
  -SkuName $skuName

# Retrieve the context.
$ctx = $storageAccount.Context

The script uses the following PowerShell cmdlets:

  • Get-AzLocation -- retrieves a list of the valid locations. The example uses chinanorth for location.

  • New-AzResourceGroup -- creates a new resource group. A resource group is a logical container into which your Azure resources are deployed and managed. Ours is called teststoragerg.

  • New-AzStorageAccount -- creates the storage account. The example uses testpshstorage.

The SKU name indicates the type of replication for the storage account, such as LRS (Locally Redundant Storage). For more information about replication, see Azure Storage Replication.

Important

The name of your storage account must be unique within Azure and must be lowercase. For naming conventions and restrictions, see Naming and Referencing Containers, Blobs, and Metadata.

Now you have a new storage account and a reference to it.

Manage the storage account

Now that you have a reference to a new storage account or an existing storage account, the following section shows some of the commands you can use to manage your storage account.

Storage account properties

To change the settings for a storage account, use Set-AzStorageAccount. While you can't change the location of a storage account, or the resource group in which it resides, you can change many of the other properties. The following lists some of the properties you can change using PowerShell.

  • The custom domain assigned to the storage account.

  • The tags assigned to the storage account. Tags are often used to categorize resources for billing purposes.

  • The SKU is the replication setting for the storage account, such as LRS for Locally Redundant Storage. For example, you might change from Standard_LRS to Standard_GRS or Standard_RAGRS. Note that you can't change Premium_LRS to other SKUs, or change other SKUs to Premium_LRS.

  • The access tier for Blob storage accounts. The value for access tier is set to hot or cool, and allows you to minimize your cost by selecting the access tier that aligns with how you use the storage account. For more information, see Hot, cool, and archive storage tiers.

  • Only allow HTTPS traffic.
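
The following is an added example, not part of the original article, that applies three of the properties above with Set-AzStorageAccount: it finds accounts that still accept plain HTTP, then requires HTTPS, sets tags, and changes the SKU on one account. It assumes a signed-in session and the account names used earlier in this article; the tag name and value are constructed for illustration.

```powershell
# Added example: names below are the ones used earlier in this article.
$resourceGroup = "teststoragerg"
$storageAccountName = "testpshstorage"

# List accounts in the current subscription that still accept plain HTTP.
Get-AzStorageAccount |
    Where-Object { -not $_.EnableHttpsTrafficOnly } |
    Select-Object ResourceGroupName, StorageAccountName, Location

# Copy the existing tags so that passing -Tag does not drop them.
$account = Get-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName
$tags = @{}
if ($account.Tags) {
    foreach ($key in $account.Tags.Keys) { $tags[$key] = $account.Tags[$key] }
}
$tags["costcenter"] = "storage-demo"   # constructed tag for illustration

# Require HTTPS, apply the tags, and move from Standard_LRS to Standard_GRS.
Set-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -EnableHttpsTrafficOnly $true `
  -Tag $tags `
  -SkuName Standard_GRS | Out-Null

# Read the settings back to confirm the change took effect.
$updated = Get-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName
if (-not $updated.EnableHttpsTrafficOnly) {
    throw "HTTPS-only was not applied to $storageAccountName"
}
$updated | Select-Object StorageAccountName, EnableHttpsTrafficOnly,
    @{ Name = "Sku"; Expression = { $_.Sku.Name } }, Tags
```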

Manage the access keys

An Azure Storage account comes with two account keys. To retrieve the keys, use Get-AzStorageAccountKey. This example retrieves the first key. To retrieve the other one, use Value[1] instead of Value[0].

$storageAccountKey = `
    (Get-AzStorageAccountKey `
    -ResourceGroupName $resourceGroup `
    -Name $storageAccountName).Value[0]

To regenerate the key, use New-AzStorageAccountKey.

New-AzStorageAccountKey -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -KeyName key1

To regenerate the other key, use key2 as the key name instead of key1.

Regenerate one of your keys and then retrieve it again to see the new value.

Note

You should perform careful planning before regenerating the key for a production storage account. Regenerating one or both keys will invalidate the access for any application using the key that was regenerated. For more information, see Manage storage account access keys.
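
The following is an added example, not part of the original article, of regenerating key1 and confirming the result without writing any key value to the console or a transcript. It assumes applications have already been moved to key2; the helper functions Get-KeyFingerprint and Get-AccountKeyValue are hypothetical names defined here.

```powershell
# Added example: names below are the ones used earlier in this article.
$resourceGroup = "teststoragerg"
$storageAccountName = "testpshstorage"

# Hypothetical helper: short SHA-256 fingerprint, so keys can be compared
# without displaying them.
function Get-KeyFingerprint {
    param([Parameter(Mandatory)][string]$KeyValue)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($KeyValue)
        $hex = [System.BitConverter]::ToString($sha.ComputeHash($bytes))
        return ($hex -replace '-', '').Substring(0, 16)
    } finally {
        $sha.Dispose()
    }
}

# Hypothetical helper: fetch one key by name instead of by array index.
function Get-AccountKeyValue {
    param([string]$ResourceGroup, [string]$Account, [string]$KeyName)
    (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroup -Name $Account |
        Where-Object { $_.KeyName -eq $KeyName }).Value
}

$key1Before = Get-KeyFingerprint (Get-AccountKeyValue $resourceGroup $storageAccountName "key1")
$key2Before = Get-KeyFingerprint (Get-AccountKeyValue $resourceGroup $storageAccountName "key2")

# Regenerate key1 only; Out-Null keeps the returned keys off the console.
New-AzStorageAccountKey -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -KeyName key1 | Out-Null

$key1After = Get-KeyFingerprint (Get-AccountKeyValue $resourceGroup $storageAccountName "key1")
$key2After = Get-KeyFingerprint (Get-AccountKeyValue $resourceGroup $storageAccountName "key2")

# key1 must have changed; key2 must be untouched so its users keep working.
if ($key1After -eq $key1Before) { throw "key1 was not regenerated" }
if ($key2After -ne $key2Before) { throw "key2 changed unexpectedly" }
"key1 rotated: $key1Before -> $key1After (key2 unchanged)"
```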

Delete a storage account

To delete a storage account, use Remove-AzStorageAccount.

Remove-AzStorageAccount -ResourceGroup $resourceGroup -AccountName $storageAccountName

Important

When you delete a storage account, all of the assets stored in the account are deleted as well. If you delete an account accidentally, call Support immediately and open a ticket to restore the storage account. Recovery of your data is not guaranteed, but it does sometimes work. Do not create a new storage account with the same name as the old one until the support ticket has been resolved.

Protect your storage account using VNets and firewalls

By default, all storage accounts are accessible by any network that has access to the internet. However, you can configure network rules to only allow applications from specific virtual networks to access a storage account. For more information, see Configure Azure Storage Firewalls and Virtual Networks.

The article shows how to manage these settings using the following PowerShell cmdlets:
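
The following is an added example, not part of the original article, that restricts a storage account to one subnet and one address range using the Az.Storage network rule cmdlets. The virtual network name, subnet name, and IP range are constructed placeholders, and the subnet is assumed to already have the Microsoft.Storage service endpoint enabled.

```powershell
# Added example: account names are the ones used earlier in this article.
$resourceGroup = "teststoragerg"
$storageAccountName = "testpshstorage"

# Constructed placeholders: replace with your own network details.
$vnetName = "myvnet"
$subnetName = "mysubnet"
$allowedRange = "203.0.113.0/24"   # documentation address range

# Show the current rule set; a new account has DefaultAction Allow.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $resourceGroup `
  -Name $storageAccountName

# Add the allow rules first, so that switching the default to Deny
# does not cut off the clients that are meant to keep access.
$subnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName |
    Get-AzVirtualNetworkSubnetConfig -Name $subnetName

Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -VirtualNetworkResourceId $subnet.Id | Out-Null

Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -IPAddressOrRange $allowedRange | Out-Null

# Deny everything else, while still letting trusted Azure services through.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $resourceGroup `
  -Name $storageAccountName `
  -DefaultAction Deny `
  -Bypass AzureServices | Out-Null

# Confirm the result.
$rules = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $resourceGroup `
  -Name $storageAccountName
if ($rules.DefaultAction -ne "Deny") {
    throw "Default action is still $($rules.DefaultAction)"
}
$rules | Select-Object DefaultAction, Bypass, VirtualNetworkRules, IpRules
```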

Use storage analytics

Azure Storage Analytics consists of Storage Analytics Metrics and Storage Analytics Logging.

Storage Analytics Metrics is used to collect metrics for your Azure storage accounts that you can use to monitor the health of a storage account. Metrics can be enabled for blobs, files, tables, and queues.

Storage Analytics Logging happens server-side and enables you to record details for both successful and failed requests to your storage account. These logs enable you to see details of read, write, and delete operations against your tables, queues, and blobs as well as the reasons for failed requests. Logging is not available for Azure Files.

You can configure monitoring using the Azure portal, PowerShell, or programmatically using the storage client library.

Note

You can enable minute analytics using PowerShell. This capability is not available in the portal.
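
The following is an added example, not part of the original article, that turns on request logging and minute metrics with the Az.Storage data plane cmdlets and reads the logging settings back. It assumes the account names used earlier in this article; the retention periods are constructed values.

```powershell
# Added example: account names are the ones used earlier in this article.
$resourceGroup = "teststoragerg"
$storageAccountName = "testpshstorage"
$ctx = (Get-AzStorageAccount -ResourceGroupName $resourceGroup `
  -Name $storageAccountName).Context

$logRetentionDays = 30      # constructed value
$metricsRetentionDays = 7   # constructed value

# Logging covers blobs, tables, and queues; it is not available for Azure Files.
foreach ($service in "Blob", "Table", "Queue") {
    Set-AzStorageServiceLoggingProperty -ServiceType $service `
      -LoggingOperations Read, Write, Delete `
      -RetentionDays $logRetentionDays `
      -Context $ctx | Out-Null
}

# Metrics can be enabled for all four services. Minute metrics are the
# setting the note above says is not available in the portal.
foreach ($service in "Blob", "File", "Table", "Queue") {
    Set-AzStorageServiceMetricsProperty -ServiceType $service `
      -MetricsType Minute `
      -MetricsLevel ServiceAndApi `
      -RetentionDays $metricsRetentionDays `
      -Context $ctx | Out-Null
}

# Read the logging settings back so a gap in coverage is visible.
foreach ($service in "Blob", "Table", "Queue") {
    $log = Get-AzStorageServiceLoggingProperty -ServiceType $service -Context $ctx
    [pscustomobject]@{
        Service       = $service
        Operations    = $log.LoggingOperations
        RetentionDays = $log.RetentionDays
    }
}
```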

Manage the data in the storage account

Now that you understand how to manage your storage account with PowerShell, you can use the following articles to learn how to access the data objects in the storage account.

Azure Cosmos DB Table API provides premium features for table storage such as turnkey global distribution, low latency reads and writes, automatic secondary indexing, and dedicated throughput.

Independent cloud deployments of Azure

Most people use Azure Public Cloud for their global Azure deployment. There are also some independent deployments of Microsoft Azure for reasons of sovereignty and so on. These independent deployments are referred to as "environments." These are the available environments:

For information about how to access these clouds and their storage with PowerShell, please see Managing Storage in the Azure independent clouds using PowerShell.

Clean up resources

If you created a new resource group and a storage account for this exercise, you can remove all of the assets you created by removing the resource group. This also deletes all resources contained within the group. In this case, it removes the storage account created and the resource group itself.

Remove-AzResourceGroup -Name $resourceGroup

Next steps

This how-to article covers common operations using the management plane cmdlets to manage storage accounts. You learned how to:

  • List storage accounts
  • Get a reference to an existing storage account
  • Create a storage account
  • Set storage account properties
  • Retrieve and regenerate the access keys
  • Protect access to your storage account
  • Enable Storage Analytics

This article also provided references to several other articles, such as how to manage the data objects, how to enable the Storage Analytics, and how to access the Azure independent clouds such as China Cloud, German Cloud, and Government Cloud. Here are some more related articles and resources for reference: