通过 Azure CLI 2.0 创建和使用虚拟机规模集的共享映像Create and use shared images for virtual machine scale sets with the Azure CLI 2.0

创建规模集时,需指定部署 VM 实例时要使用的映像。When you create a scale set, you specify an image to be used when the VM instances are deployed. 共享映像库大大简化了整个组织中的自定义映像共享。A Shared Image Gallery simplifies custom image sharing across your organization. 自定义映像类似于市场映像,不同的是自定义映像的创建者是自己。Custom images are like marketplace images, but you create them yourself. 自定义映像可用于启动配置,例如预加载应用程序、应用程序配置和其他 OS 配置。Custom images can be used to bootstrap configurations such as preloading applications, application configurations, and other OS configurations.

共享映像库可让你与他人共享映像。The Shared Image Gallery lets you share your images with others. 选择要共享哪些映像,要在哪些区域中共享,以及希望与谁共享它们。Choose which images you want to share, which regions you want to make them available in, and who you want to share them with.

映像库是用于启用映像共享的主要资源。An image gallery is the primary resource used for enabling image sharing.

允许用于库名称的字符为大写或小写字母、数字、点和句点。Allowed characters for Gallery name are uppercase or lowercase letters, digits, dots, and periods. 库名称不能包含短划线。The gallery name cannot contain dashes. 库名称在你的订阅中必须唯一。Gallery names must be unique within your subscription.

使用 az sig create 创建一个映像库。Create an image gallery using az sig create. 以下示例在“中国东部”创建名为 myGalleryRG 的资源组,以及名为 myGallery 的库 。The following example creates a resource group named gallery named myGalleryRG in China East, and a gallery named myGallery.

az group create --name myGalleryRG --location chinaeast
az sig create --resource-group myGalleryRG --gallery-name myGallery

可以使用基于角色的访问控制 (RBAC) 在订阅之间共享映像。You can share images across subscriptions using Role-Based Access Control (RBAC). 可以在库、映像定义或映像版本级别共享映像。You can share images at the gallery, image definition or image version level. 任何对映像版本具有读取权限的用户,即使跨订阅,也能够使用映像版本部署 VM。Any user that has read permissions to an image version, even across subscriptions, will be able to deploy a VM using the image version.

建议在库级别与其他用户进行共享。We recommend that you share with other users at the gallery level. 若要获取库的对象 ID,请使用 az sig showTo get the object ID of your gallery, use az sig show.

az sig show \
   --resource-group myGalleryRG \
   --gallery-name myGallery \
   --query id

使用对象 ID 作为范围,并使用电子邮件地址和 az role assignment create 为用户授予对共享映像库的访问权限。Use the object ID as a scope, along with an email address and az role assignment create to give a user access to the shared image gallery. 请将 <email-address><gallery iD> 替换为自己的信息。Replace <email-address> and <gallery iD> with your own information.

az role assignment create \
   --role "Reader" \
   --assignee <email address> \
   --scope <gallery ID>

有关如何使用 RBAC 共享资源的详细信息,请参阅使用 RBAC 和 Azure CLI 管理访问权限For more information about how to share resources using RBAC, see Manage access using RBAC and Azure CLI.

后续步骤Next steps

有关共享映像库的详细信息,请参阅概述For more information about Shared Image Galleries, see the Overview. 如果遇到问题,请参阅排查共享映像库问题If you run into issues, see Troubleshooting shared image galleries.