Azure 虚拟机规模集常见问题解答Azure virtual machine scale sets FAQs

获取有关 Azure 虚拟机规模集常见问题的解答。Get answers to frequently asked questions about virtual machine scale sets in Azure.

有关规模集的热门常见问题解答Top frequently asked questions for scale sets

可在规模集中包含多少个 VM?How many VMs can I have in a scale set?

一个规模集可包含 0 到 1,000 个基于平台映像的 VM,或者 0 到 600 个基于自定义映像的 VM。A scale set can have 0 to 1,000 VMs based on platform images, or 0 to 600 VMs based on custom images.

规模集是否支持数据磁盘?Are data disks supported within scale sets?

是的。Yes. 规模集可以定义适用于集中所有 VM 的附加数据磁盘配置。A scale set can define an attached data disks configuration that applies to all VMs in the set. 有关详细信息,请参阅 Azure scale sets and attached data disks(Azure 规模集和附加的数据磁盘)。For more information, see Azure scale sets and attached data disks. 可用于存储数据的其他选项包括:Other options for storing data include:

  • Azure 文件(SMB 共享驱动器)Azure files (SMB shared drives)
  • OS 驱动器OS drive
  • 临时驱动器(本地,不是以 Azure 存储为基础)Temp drive (local, not backed by Azure Storage)
  • Azure 数据服务(例如 Azure 表、Azure Blob)Azure data service (for example, Azure tables, Azure blobs)
  • 外部数据服务(例如远程数据库)External data service (for example, remote database)

哪些 Azure 区域支持规模集?Which Azure regions support scale sets?

所有区域都支持规模集。All regions support scale sets.

如何使用自定义映像创建规模集?How do I create a scale set by using a custom image?

创建并捕获 VM 映像,然后将其用作规模集的源。Create and capture a VM image, then use that as the source for your scale set. 有关如何创建和使用自定义 VM 映像的教程,你可以使用 Azure CLIAzure PowerShellFor a tutorial on how to create and use a custom VM image, you can use the Azure CLI or Azure PowerShell

如果我将规模集容量从 20 减少到 15,会删除哪些 VM?If I reduce my scale set capacity from 20 to 15, which VMs are removed?

默认情况下,将从跨容错域的规模集中均匀地删除虚拟机,以最大限度地提高可用性。By default, virtual machines are removed from the scale set evenly across fault domains to maximize availability. 首先删除 ID 最大的 VM。VMs with the highest IDs are removed first.

可以通过为规模集指定横向缩减策略来更改虚拟机删除顺序。You can change the order of virtual machine removal by specifying a scale-in policy for the scale set.

如果将容量从 15 增加到 18,会发生什么情况?What if I then increase the capacity from 15 to 18?

如果将容量增加到 18,则创建 3 个新 VM。If you increase capacity to 18, then 3 new VMs are created. 每增加容量一次,VM 实例 ID 就会从以前的最高值(例如 20、21、22)递增。Each time, the VM instance ID is incremented from the previous highest value (for example, 20, 21, 22). VM 会在容错域之间进行均衡。VMs are balanced across fault domains.

在一个规模集中使用多个扩展时,是否可以强制规定执行序列?When I'm using multiple extensions in a scale set, can I enforce an execution sequence?

是的,可以使用规模集扩展序列化Yes, you can use scale set extension sequencing.

自动缩放Autoscale

Azure 自动缩放的最佳做法是什么?What are best practices for Azure Autoscale?

有关自动缩放的最佳做法,请参阅自动缩放虚拟机的最佳做法For best practices for Autoscale, see Best practices for autoscaling virtual machines.

在哪里可以找到使用基于主机的指标执行自动缩放时的相关指标名称?Where do I find metric names for autoscaling that uses host-based metrics?

有关使用基于主机的指标执行自动缩放时的相关指标名称,请参阅 Azure Monitor 支持的指标For metric names for autoscaling that uses host-based metrics, see Supported metrics with Azure Monitor.

基于 Azure 服务总线主题和队列长度的自动缩放是否有任何示例可供参考?Are there any examples of autoscaling based on an Azure Service Bus topic and queue length?

是的。Yes. 有关基于 Azure 服务总线主题和队列长度的自动缩放示例,请参阅 Azure Monitor 自动缩放常用指标For examples of autoscaling based on an Azure Service Bus topic and queue length, see Azure Monitor autoscaling common metrics.

对于服务总线队列,请使用以下 JSON:For a Service Bus queue, use the following JSON:

"metricName": "MessageCount",
"metricNamespace": "",
"metricResourceUri": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.ServiceBus/namespaces/mySB/queues/myqueue"

对于存储队列,请使用以下 JSON:For a storage queue, use the following JSON:

"metricName": "ApproximateMessageCount",
"metricNamespace": "",
"metricResourceUri": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.ClassicStorage/storageAccounts/mystorage/services/queue/queues/mystoragequeue"

将示例值替换为资源的统一资源标识符 (URI)。Replace example values with your resource Uniform Resource Identifiers (URIs).

应该使用基于主机的指标还是使用诊断扩展来执行自动缩放?Should I autoscale by using host-based metrics or a diagnostics extension?

可以在 VM 上创建自动缩放设置,以使用主机级指标或基于来宾 OS 的指标。You can create an autoscale setting on a VM to use host-level metrics or guest OS-based metrics.

关于受支持的指标列表,请参阅 Azure Monitor 自动缩放常用指标For a list of supported metrics, see Azure Monitor autoscaling common metrics.

关于虚拟机规模集的完整示例,请参阅使用虚拟机规模集的 Resource Manager 模板的高级自动缩放配置For a full sample for virtual machine scale sets, see Advanced autoscale configuration by using Resource Manager templates for virtual machine scale sets.

此示例使用主机级 CPU 指标和消息计数指标。The sample uses the host-level CPU metric and a message count metric.

如何对虚拟机规模集设置警报规则?How do I set alert rules on a virtual machine scale set?

通过 PowerShell 或 Azure CLI,可以为虚拟机规模集创建指标警报。You can create alerts on metrics for virtual machine scale sets via PowerShell or Azure CLI.

虚拟机规模集的 TargetResourceId 如下所示:The TargetResourceId of the virtual machine scale set looks like this:

/subscriptions/yoursubscriptionid/resourceGroups/yourresourcegroup/providers/Microsoft.Compute/virtualMachineScaleSets/yourvmssname/subscriptions/yoursubscriptionid/resourceGroups/yourresourcegroup/providers/Microsoft.Compute/virtualMachineScaleSets/yourvmssname

可以选择任何 VM 性能计数器作为要对其设置警报的指标。You can choose any VM performance counter as the metric to set an alert for. 有关详细信息,请参阅 Azure Monitor 自动缩放常用指标中的基于 Resource Manager 的 Windows VM 的来宾 OS 指标Linux VM 的来宾 OS 指标For more information, see Guest OS metrics for Resource Manager-based Windows VMs and Guest OS metrics for Linux VMs in the Azure Monitor autoscaling common metrics article.

如何使用 PowerShell 对虚拟机规模集设置自动缩放?How do I set up autoscale on a virtual machine scale set by using PowerShell?

若要使用 PowerShell 对虚拟机规模集设置自动缩放,请参阅自动缩放虚拟机规模集To set up autoscale on a virtual machine scale set by using PowerShell, see automatically scale a virtual machine scale set. 你还可以使用 Azure CLIAzure 模板配置自动缩放You can also configure autoscale with the Azure CLI and Azure templates

如果我已停止(解除分配)VM,该 VM 是否作为自动缩放操作的一部分启动?If I have stopped (deallocated) a VM, is that VM started as part of an autoscale operation?

否。No. 如果自动缩放规则要求将其他 VM 实例作为规模集的一部分,则会创建新的 VM 实例。If autoscale rules require additional VM instances as part of a scale set, a new VM instance is created. 停止(解除分配)的 VM 实例不会作为自动缩放事件的一部分启动。VM instances that are stopped (deallocated) are not started as part of an autoscale event. 但是,那些已停止(解除分配)的 VM 可能会作为可缩小实例数的自动缩放事件的一部分删除,这与基于 VM 实例 ID 的顺序可以删除任何 VM 实例的方式相同。However, those stopped (deallocated) VMs may be deleted as part of an autoscale event that scales in the number of instances, the same way that any VM instance may be deleted based on the order of VM instance ID.

证书Certificates

如何安全地将证书传送到 VM?How do I securely ship a certificate to the VM?

为了将证书安全地传送到 VM,可以将客户证书从客户的密钥保管库直接安装到 Windows 证书存储中。To securely ship a certificate to the VM, you can install a customer certificate directly into a Windows certificate store from the customer's key vault.

使用以下值 JSON:Use the following JSON:

"secrets": [
    {
        "sourceVault": {
            "id": "/subscriptions/{subscriptionid}/resourceGroups/myrg1/providers/Microsoft.KeyVault/vaults/mykeyvault1"
        },
        "vaultCertificates": [
            {
                "certificateUrl": "https://mykeyvault1.vault.azure.cn/secrets/{secretname}/{secret-version}",
                "certificateStore": "certificateStoreName"
            }
        ]
    }
]

该代码支持 Windows 和 Linux。The code supports Windows and Linux.

有关详细信息,请参阅创建或更新虚拟机规模集For more information, see Create or update a virtual machine scale set.

如何使用为 Azure Service Fabric 群集预配的自签名证书?How do I use self-signed certificates provisioned for Azure Service Fabric Clusters?

如需最新的示例,请在 azure shell 中使用以下 azure CLI 语句,阅读 Service Fabrics CLI 模块示例文档,该文档将打印到 stdout:For the latest example use the following azure CLI statement within azure shell, read Service Fabrics CLI module Example documentation, which will be printed to stdout:

az sf cluster create -h

自签名证书不能用于证书颁发机构提供的分布式信任,也不应用于任何旨在托管企业生产解决方案的 Service Fabric 群集;有关其他 Service Fabric 安全指南,请查看 Azure Service Fabric 安全最佳做法Service Fabric 群集安全方案Self-signed certificates can not be used for distributed trust provided by a Certificate Authority, and should not be used for any Service Fabric Cluster intended to host enterprise production solutions; for additional Service Fabric Security guidance, review Azure Service Fabric Security Best Practices and Service Fabric cluster security scenarios.

是否可以通过 Resource Manager 模板指定一个 SSH 密钥对,用于对 Linux 虚拟机规模集进行 SSH 身份验证?Can I specify an SSH key pair to use for SSH authentication with a Linux virtual machine scale set from a Resource Manager template?

是的。Yes. 用于 osProfile 的 REST API 类似于标准 VM REST API。The REST API for osProfile is similar to the standard VM REST API.

在模板中包括 osProfileInclude osProfile in your template:

"osProfile": {
    "computerName": "[variables('vmName')]",
    "adminUsername": "[parameters('adminUserName')]",
    "linuxConfiguration": {
        "disablePasswordAuthentication": "true",
        "ssh": {
            "publicKeys": [
                {
                    "path": "[variables('sshKeyPath')]",
                    "keyData": "[parameters('sshKeyData')]"
                }
            ]
        }
    }
}

此 JSON 块用于此 Azure 快速入门模板This JSON block is used in this Azure quickstart template.

有关详细信息,请参阅创建或更新虚拟机规模集For more information, see Create or update a virtual machine scale set.

如何删除已弃用的证书?How do I remove deprecated certificates?

若要删除已弃用的证书,请从保管库证书列表中删除旧证书。To remove deprecated certificates, remove the old certificate from the vault certificates list. 在列表中留下想要在计算机上保留的所有证书。Leave all the certificates that you want to remain on your computer in the list. 这不会删除所有虚拟机中的证书。This does not remove the certificate from all your VMs. 也不会向虚拟机规模集中创建的新 VM 添加证书。It also does not add the certificate to new VMs that are created in the virtual machine scale set.

若要从现有 VM 中删除证书,请使用自定义脚本扩展从证书存储中手动删除证书。To remove the certificate from existing VMs, use a custom script extension to manually remove the certificates from your certificate store.

如何在预配期间将现有的 SSH 公钥注入到虚拟机规模集 SSH 层?How do I inject an existing SSH public key into the virtual machine scale set SSH layer during provisioning?

如果仅向 VM 提供 SSH 公钥,则不需要将公钥放在 Key Vault 中。If you are providing the VMs only with a public SSH key, you don't need to put the public keys in Key Vault. 公钥不是机密。Public keys are not secret.

可以在创建 Linux VM 时以明文形式提供 SSH 公钥:You can provide SSH public keys in plain text when you create a Linux VM:

"linuxConfiguration": {
    "ssh": {
        "publicKeys": [
            {
                "path": "path",
                "keyData": "publickey"
            }
        ]
    }
}
linuxConfiguration 元素名称linuxConfiguration element name 必须Required 类型Type 说明Description
sshssh No 集合Collection 指定 Linux OS 的 SSH 密钥配置Specifies the SSH key configuration for a Linux OS
pathpath Yes StringString 指定 SSH 密钥或证书应放置到的 Linux 文件路径Specifies the Linux file path where the SSH keys or certificate should be located
keyDatakeyData Yes StringString 指定 base64 编码的 SSH 公钥Specifies a base64-encoded SSH public key

有关示例,请参阅 101-vm-sshkey GitHub 快速入门模板For an example, see the 101-vm-sshkey GitHub quickstart template.

添加同一个密钥保管库中的多个证书后,运行 Update-AzVmss 时看到以下消息:When I run Update-AzVmss after adding more than one certificate from the same key vault, I see the following message:

Update-AzVmss:列表机密包含重复的 /subscriptions/<my-subscription-id>/resourceGroups/internal-rg-dev/providers/Microsoft.KeyVault/vaults/internal-keyvault-dev, which is disallowed. 实例,这是不允许的。Update-AzVmss: List secret contains repeated instances of /subscriptions/<my-subscription-id>/resourceGroups/internal-rg-dev/providers/Microsoft.KeyVault/vaults/internal-keyvault-dev, which is disallowed.

如果尝试重新添加同一保管库,而不是使用现有源保管库的新保管库证书,可能会看到此消息。This can happen if you try to re-add the same vault instead of using a new vault certificate for the existing source vault. 如果要添加其他机密,Add-AzVmssSecret 命令无法正常运行。The Add-AzVmssSecret command does not work correctly if you are adding additional secrets.

若要添加同一密钥保管库中的其他机密,请更新 $vmss.properties.osProfile.secrets[0].vaultCertificates 列表。To add more secrets from the same key vault, update the $vmss.properties.osProfile.secrets[0].vaultCertificates list.

对于预期的输入结构,请参阅创建或更新虚拟机集For the expected input structure, see Create or update a virtual machine set.

在密钥保管库中的虚拟机规模集对象中找到该机密。Find the secret in the virtual machine scale set object that is in the key vault. 然后,将证书引用(URL 以及机密存储名称)添加到与保管库关联的列表中。Then, add your certificate reference (the URL and the secret store name) to the list associated with the vault.

备注

目前,不能通过使用虚拟机规模集 API 删除 VM 中的证书。Currently, you cannot remove certificates from VMs by using the virtual machine scale set API.

新的 VM 不具有旧证书。New VMs will not have the old certificate. 但是,具有证书的 VM 和已部署的 VM 将具有旧证书。However, VMs that have the certificate and which are already deployed will have the old certificate.

如果证书位于机密存储中,是否可以在不提供密码的情况下将证书推送到虚拟机规模集?Can I push certificates to the virtual machine scale set without providing the password, when the certificate is in the secret store?

不需要对脚本中的密码进行硬编码。You do not need to hard-code passwords in scripts. 可以使用运行部署脚本的权限来动态检索密码。You can dynamically retrieve passwords with the permissions you use to run the deployment script. 如果某个脚本可移动机密存储密钥保管库的证书,机密存储 get certificate 命令也会输出 pfx 文件的密码。If you have a script that moves a certificate from the secret store key vault, the secret store get certificate command also outputs the password of the .pfx file.

虚拟机规模集的 virtualMachineProfile.osProfile 的 Secrets 属性的工作原理是什么?How does the Secrets property of virtualMachineProfile.osProfile for a virtual machine scale set work? 使用 certificateUrl 属性指定证书的绝对 URI 时,为什么需要 sourceVault 值?Why do I need the sourceVault value when I have to specify the absolute URI for a certificate by using the certificateUrl property?

Windows 远程管理 (WinRM) 证书引用必须在 OS 配置文件的 Secrets 属性中存在。A Windows Remote Management (WinRM) certificate reference must be present in the Secrets property of the OS profile.

指示源保管库的目的在于强制实施访问控制列表 (ACL) 策略,该策略存在于用户的 Azure 云服务模型中。The purpose of indicating the source vault is to enforce access control list (ACL) policies that exist in a user's Azure Cloud Service model. 如果源保管库未指定,无权在密钥保管库中部署或访问机密的用户可以通过计算资源提供程序 (CRP) 实现此目的。If the source vault isn't specified, users who do not have permissions to deploy or access secrets to a key vault would be able to through a Compute Resource Provider (CRP). 即使是不存在的资源,它们也有 ACL。ACLs exist even for resources that do not exist.

如果提供错误的源保管库 ID 但提供有效的保管库 URL,轮询操作时系统会报告错误。If you provide an incorrect source vault ID but a valid key vault URL, an error is reported when you poll the operation.

如果将机密添加到现有虚拟机规模集,机密会注入到现有 VM 中,还是仅注入到新 VM 中?If I add secrets to an existing virtual machine scale set, are the secrets injected into existing VMs, or only into new ones?

证书将添加到所有 VM,包括现有的 VM。Certificates are added to all your VMs, even pre-existing ones. 如果虚拟机规模集的 upgradePolicy 属性设置为“手动”,对 VM 执行手动更新时,证书会添加到该 VM。If your virtual machine scale set upgradePolicy property is set to manual, the certificate is added to the VM when you perform a manual update on the VM.

在 Linux VM 上,证书放在哪个位置?Where do I put certificates for Linux VMs?

若要了解如何部署 Linux VM 的证书,请参阅将证书从客户管理的 Key Vault 部署到 VMTo learn how to deploy certificates for Linux VMs, see Deploy certificates to VMs from a customer-managed key vault.

如何将新的保管库证书添加到新的证书对象?How do I add a new vault certificate to a new certificate object?

要将保管库证书添加到现有机密,请参阅下面的 PowerShell 示例。To add a vault certificate to an existing secret, see the following PowerShell example. 仅使用一个机密对象。Use only one secret object.

$newVaultCertificate = New-AzVmssVaultCertificateConfig -CertificateStore MY -CertificateUrl https://sansunallapps1.vault.azure.cn:443/secrets/dg-private-enc/55fa0332edc44a84ad655298905f1809

$vmss.VirtualMachineProfile.OsProfile.Secrets[0].VaultCertificates.Add($newVaultCertificate)

Update-AzVmss -VirtualMachineScaleSet $vmss -ResourceGroup $rg -Name $vmssName

如果重置 VM 的映像,证书会发生什么情况?What happens to certificates if you reimage a VM?

如果重置 VM 的映像,则会删除证书。If you reimage a VM, certificates are deleted. 重置映像会删除整个 OS 磁盘。Reimaging deletes the entire OS disk.

从 Key Vault 中删除证书会发生什么情况?What happens if you delete a certificate from the key vault?

如果从密钥保管库中删除机密,然后对所有 VM 运行 stop deallocate,则再次启动这些 VM 时,将发生失败。If the secret is deleted from the key vault, and then you run stop deallocate for all your VMs and then start them again, you encounter a failure. 失败发生的原因是 CRP 需要从密钥保管库检索机密,但它无法进行检索。The failure occurs because the CRP needs to retrieve the secrets from the key vault, but it cannot. 在这种情况下,可以从虚拟机规模集模型中删除证书。In this scenario, you can delete the certificates from the virtual machine scale set model.

CRP 组件不会持久保留客户机密。The CRP component does not persist customer secrets. 如果对虚拟机规模集中的所有虚拟机运行 stop deallocate,会删除缓存。If you run stop deallocate for all VMs in the virtual machine scale set, the cache is deleted. 在这种情况下,从密钥保管库中检索机密。In this scenario, secrets are retrieved from the key vault.

扩大时不会遇到此问题,因为(单 Fabric 租户模型中的)Azure Service Fabric 中存在机密的缓存副本。You don't encounter this problem when scaling out because there is a cached copy of the secret in Azure Service Fabric (in the single-fabric tenant model).

使用 Key Vault 时,为什么需要指定证书版本?Why do I have to specify the certificate version when I use Key Vault?

Key Vault 要求指定证书版本的目的是为了使用户清楚地了解哪些证书部署在其 VM 上。The purpose of the Key Vault requirement to specify the certificate version is to make it clear to the user what certificate is deployed on their VMs.

如果创建了 VM,并更新了密钥保管库中的机密,则新证书不会下载到 VM。If you create a VM and then update your secret in the key vault, the new certificate is not downloaded to your VMs. 但是,VM 看上去像是引用了该证书,并且新 VM 会获取新机密。But your VMs appear to reference it, and new VMs get the new secret. 要避免此问题,需要引用机密的版本。To avoid this, you are required to reference a secret version.

要将 .cer 公钥部署到虚拟机规模集,可以生成仅包含 .cer 文件的 .pfx 文件。To deploy .cer public keys to a virtual machine scale set, you can generate a .pfx file that contains only .cer files. 为此,请使用 X509ContentType = PfxTo do this, use X509ContentType = Pfx. 例如,将 .cer 文件作为 x509Certificate2 对象加载到 C# 或 PowerShell 中,然后调用该方法。For example, load the .cer file as an x509Certificate2 object in C# or PowerShell, and then call the method.

有关详细信息,请参阅 X509Certificate.Export 方法 (X509ContentType, String)For more information, see X509Certificate.Export Method (X509ContentType, String).

如何以 base64 字符串形式传入证书?How do I pass in certificates as base64 strings?

若要模拟以 base64 字符串形式传入证书,可以在 Resource Manager 模板中提取最新版本的 URL。To emulate passing in a certificate as a base64 string, you can extract the latest versioned URL in a Resource Manager template. 在 Resource Manager 模板中包含以下 JSON 属性:Include the following JSON property in your Resource Manager template:

"certificateUrl": "[reference(resourceId(parameters('vaultResourceGroup'), 'Microsoft.KeyVault/vaults/secrets', parameters('vaultName'), parameters('secretName')), '2015-06-01').secretUriWithVersion]"

是否需要在密钥保管库中将证书包装在 JSON 对象中?Do I have to wrap certificates in JSON objects in key vaults?

在虚拟机规模集和 VM 中,必须在 JSON 对象中包装证书。In virtual machine scale sets and VMs, certificates must be wrapped in JSON objects.

我们还支持 application/x-pkcs12 内容类型。We also support the content type application/x-pkcs12.

我们目前不支持 .cer 文件。We currently do not support .cer files. 要使用.cer 文件,请将其导出到.pfx 容器中。To use .cer files, export them into .pfx containers.

符合性和安全性Compliance and Security

虚拟机规模集是否符合 PCI 规范?Are virtual machine scale sets PCI-compliant?

虚拟机规模集是 CRP 之上的一个精简 API 层。Virtual machine scale sets are a thin API layer on top of the CRP. 这两个组件是 Azure 服务树中的计算平台的一部分。Both components are part of the compute platform in the Azure service tree.

从合规性角度看,虚拟机规模集是 Azure 计算平台的基础部分。From a compliance perspective, virtual machine scale sets are a fundamental part of the Azure compute platform. 它们与 CRP 共享团队、工具、进程、部署方法、安全控制、实时 (JIT) 编译、监视、警报等。They share a team, tools, processes, deployment methodology, security controls, just-in-time (JIT) compilation, monitoring, alerting, and so on, with the CRP itself. 虚拟机规模集符合支付卡行业 (PCI) 规范,因为 CRP 属于当前 PCI 数据安全标准 (DSS) 证明的一部分。Virtual machine scale sets are Payment Card Industry (PCI)-compliant because the CRP is part of the current PCI Data Security Standard (DSS) attestation.

有关详细信息,请参阅 Microsoft 信任中心For more information, see the Microsoft Trust Center.

是否可以将 Azure 资源的托管标识用于虚拟机规模集?Does managed identities for Azure resources work with virtual machine scale sets?

是的。Yes. 可在适用于 LinuxWindows 的“Azure 快速入门”模板中查看一些示例 MSI 模板。You can see some example MSI templates in Azure Quickstart templates for Linux and Windows.

正在删除Deleting

删除实例时,是否遵守我在虚拟机规模集实例上设置的锁?Will the locks I set in place on virtual machine scale set instances be respected when deleting instances?

在 Azure 门户中,可通过选择多个实例来删除单个实例或批量删除。In the Azure Portal, you have the ability to delete an individual instance or bulk delete by selecting multiple instances. 如果尝试删除带有锁的单个实例,则遵守此锁,并且你将无法删除该实例。If you attempt to delete a single instance that has a lock in place, the lock is respected and you will not be able to delete the instance. 但是,如果批量选择多个实例,并且这些实例中的任何一个实例都带有锁,则不遵守锁,并且所有选定的实例都将被删除。However, if you bulk select multiple instances and any of those instances have a lock in place, the lock(s) will not be respected and all of the selected instances will be deleted.

在 Azure CLI 中,只能删除单个实例。In Azure CLI, you only have the ability to delete an individual instance. 如果尝试删除带有锁的单个实例,则遵守此锁,并且你将无法删除该实例。If you attempt to delete a single instance that has a lock in place, the lock is respected and you will not be able to delete that instance.

扩展Extensions

如何删除虚拟机规模集扩展?How do I delete a virtual machine scale set extension?

若要删除虚拟机规模集扩展,请使用以下 PowerShell 示例:To delete a virtual machine scale set extension, use the following PowerShell example:

$vmss = Get-AzVmss -ResourceGroupName "resource_group_name" -VMScaleSetName "vmssName"

$vmss=Remove-AzVmssExtension -VirtualMachineScaleSet $vmss -Name "extensionName"

Update-AzVmss -ResourceGroupName "resource_group_name" -VMScaleSetName "vmssName" -VirtualMacineScaleSet $vmss

可以在 $vmss 中找到 extensionName 值。You can find the extensionName value in $vmss.

与 Azure Monitor 日志集成的虚拟机规模集模板是否有任何示例可供参考?Is there a virtual machine scale set template example that integrates with Azure Monitor logs?

有关与 Azure Monitor 日志集成的虚拟机规模集模板示例,请参阅部署 Azure Service Fabric 群集,并通过使用 Azure Monitor 日志来启用监视中的第二个示例。For a virtual machine scale set template example that integrates with Azure Monitor logs, see the second example in Deploy an Azure Service Fabric cluster and enable monitoring by using Azure Monitor logs.

如何将扩展添加到虚拟机规模集中的所有 VM?How do I add an extension to all VMs in my virtual machine scale set?

如果更新策略设置为自动,使用新扩展属性重新部署模板可更新所有 VM。If update policy is set to automatic, redeploying the template with the new extension properties updates all VMs.

如果更新策略设置为“手动”,先更新扩展,并手动更新 VM 中的所有实例。If update policy is set to manual, first update the extension, and then manually update all instances in your VMs.

如果更新与现有虚拟机规模集关联的扩展,是否会影响现有的 VM?If the extensions associated with an existing virtual machine scale set are updated, are existing VMs affected?

如果更新虚拟机规模集模型中的扩展定义,且将 upgradePolicy 属性设置为“自动”,则会更新 VM。If the extension definition in the virtual machine scale set model is updated and the upgradePolicy property is set to automatic, it updates the VMs. 如果 upgradePolicy 属性设置为“手动”,扩展会标记为不匹配模型。If the upgradePolicy property is set to manual, extensions are flagged as not matching the model.

对现有的计算机进行服务修复或重置映像时,是否会再次运行扩展?Are extensions run again when an existing machine is service-healed or reimaged?

如果对现有 VM 执行服务修复,这种行为类似于重新启动,因此不会重新运行扩展。If an existing VM is service-healed, it appears as a reboot, and the extensions are not run again. 如果对 VM 重置映像,该过程类似于将 OS 驱动器替换为源映像。If a VM is reimaged, the process is similar replacing the OS drive with the source image. 在这种情况下,将重新运行最新模型中的任何专用设置(如扩展)。Any specialization from the latest model, such as extensions, are run again.

如何将虚拟机规模集加入到 Active Directory 域?How do I join a virtual machine scale set to an Active Directory domain?

若要将虚拟机规模集加入到 Active Directory (AD) 域,可以定义扩展。To join a virtual machine scale set to an Active Directory (AD) domain, you can define an extension.

若要定义扩展,请使用 JsonADDomainExtension 属性:To define an extension, use the JsonADDomainExtension property:

"extensionProfile": {
    "extensions": [
        {
            "name": "joindomain",
            "properties": {
                "publisher": "Microsoft.Compute",
                "type": "JsonADDomainExtension",
                "typeHandlerVersion": "1.3",
                "settings": {
                    "Name": "[parameters('domainName')]",
                    "OUPath": "[variables('ouPath')]",
                    "User": "[variables('domainAndUsername')]",
                    "Restart": "true",
                    "Options": "[variables('domainJoinOptions')]"
                },
                "protectedsettings": {
                    "Password": "[parameters('domainJoinPassword')]"
                }
            }
        }
    ]
}

虚拟机规模集扩展尝试安装需要重新启动的内容。My virtual machine scale set extension is trying to install something that requires a reboot.

如果虚拟机规模集扩展尝试安装需要重新启动的内容,可以使用 Azure 自动化所需状态配置 (Automation DSC) 扩展。If your virtual machine scale set extension is trying to install something that requires a reboot, you can use the Azure Automation Desired State Configuration (Automation DSC) extension. 如果操作系统为 Windows Server 2012 R2,Azure 将拉入 Windows Management Framework (WMF) 5.0 安装程序,重新启动,然后继续使用该配置。If the operating system is Windows Server 2012 R2, Azure pulls in the Windows Management Framework (WMF) 5.0 setup, reboots, and then continues with the configuration.

如何在虚拟机规模集中启用反恶意软件?How do I turn on antimalware in my virtual machine scale set?

若要在虚拟机规模集中启用反恶意软件,请使用以下 PowerShell 示例:To turn on antimalware on your virtual machine scale set, use the following PowerShell example:

$rgname = 'autolap'
$vmssname = 'autolapbr'
$location = 'chinanorth'

# Retrieve the most recent version number of the extension.
$allVersions= (Get-AzVMExtensionImage -Location $location -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$versionString = $allVersions[($allVersions.count)-1].Split(".")[0] + "." + $allVersions[($allVersions.count)-1].Split(".")[1]

$VMSS = Get-AzVmss -ResourceGroupName $rgname -VMScaleSetName $vmssname
echo $VMSS
Add-AzVmssExtension -VirtualMachineScaleSet $VMSS -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -Type "IaaSAntimalware" -TypeHandlerVersion $versionString
Update-AzVmss -ResourceGroupName $rgname -Name $vmssname -VirtualMachineScaleSet $VMSS

如何执行一个在专用存储帐户中托管的自定义脚本?How do I execute a custom script that's hosted in a private storage account?

若要执行在私有存储帐户中托管的自定义脚本,请通过存储帐户密钥和名称来设置受保护的设置。To execute a custom script that's hosted in a private storage account, set up protected settings with the storage account key and name. 有关详细信息,请参阅自定义脚本扩展For more information, see Custom Script Extension.

密码Passwords

如何对虚拟机规模集中的 VM 重置密码?How do I reset the password for VMs in my virtual machine scale set?

可采用两种主要方法为规模集中的 VM 更改密码。There are two main ways to change the password for VMs in scale sets.

  • 直接更改虚拟机规模集模型。Change the virtual machine scale set model directly. 适用于 API 2017-12-01 及更高版本。Available with API 2017-12-01 and later.

    直接在规模集模型中更新管理凭据(例如,使用 Azure 资源浏览器、PowerShell 或 CLI)。Update the admin credentials directly in the scale set model (for example using the Azure Resource Explorer, PowerShell or CLI). 规模集完成更新后,所有新的 VM 将获得全新凭据。Once the scale set is updated, all new VMs have the new credentials. 现有 VM 只有被重置映像时才获得新凭据。Existing VMs only have the new credentials if they are reimaged.

  • 使用 VM 访问扩展重置密码。Reset the password using the VM access extensions. 请确保遵循此处所述的密码要求。Make sure to follow the password requirements as described here.

    使用以下 PowerShell 示例:Use the following PowerShell example:

    $vmssName = "myvmss"
    $vmssResourceGroup = "myvmssrg"
    $publicConfig = @{"UserName" = "newuser"}
    $privateConfig = @{"Password" = "********"}
    
    $extName = "VMAccessAgent"
    $publisher = "Microsoft.Compute"
    $vmss = Get-AzVmss -ResourceGroupName $vmssResourceGroup -VMScaleSetName $vmssName
    $vmss = Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name $extName -Publisher $publisher -Setting $publicConfig -ProtectedSetting $privateConfig -Type $extName -TypeHandlerVersion "2.0" -AutoUpgradeMinorVersion $true
    Update-AzVmss -ResourceGroupName $vmssResourceGroup -Name $vmssName -VirtualMachineScaleSet $vmss
    

网络Networking

是否可以将网络安全组 (NSG) 分配给规模集,以便将其应用于集中的所有 VM NIC?Is it possible to assign a Network Security Group (NSG) to a scale set, so that it applies to all the VM NICs in the set?

是的。Yes. 网络安全组可以直接应用于规模集,方法是在网络配置文件的 networkInterfaceConfigurations 部分引用该组。A Network Security Group can be applied directly to a scale set by referencing it in the networkInterfaceConfigurations section of the network profile. 示例:Example:

"networkProfile": {
    "networkInterfaceConfigurations": [
        {
            "name": "nic1",
            "properties": {
                "primary": "true",
                "ipConfigurations": [
                    {
                        "name": "ip1",
                        "properties": {
                            "subnet": {
                                "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('vnetName'), '/subnets/subnet1')]"
                            },
                            "loadBalancerInboundNatPools": [
                                {
                                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/natPool1')]"
                                }
                            ],
                            "loadBalancerBackendAddressPools": [
                                {
                                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/addressPool1')]"
                                }
                            ]
                        }
                    }
                ],
                "networkSecurityGroup": {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
                }
            }
        }
    ]
}

如何针对同一订阅和同一区域中的虚拟机规模集执行 VIP 交换?How do I do a VIP swap for virtual machine scale sets in the same subscription and same region?

如果有两个包含 Azure 负载均衡器前端的虚拟机规模集,并且它们位于同一订阅和区域中,可以解除分配它们的公共 IP 地址,并将公共 IP 地址分配给其他资源。If you have two virtual machine scale sets with Azure Load Balancer front-ends, and they are in the same subscription and region, you could deallocate the public IP addresses from each one, and assign to the other. 有关示例,请参阅 VIP 交换:Azure 资源管理器中的蓝绿部署See VIP Swap: Blue-green deployment in Azure Resource Manager for example. 但这确实意味着延迟,因为要在网络级别解除分配/分配资源。This does imply a delay though as the resources are deallocated/allocated at the network level. 更快的做法是将 Azure 应用程序网关与两个后端池和路由规则结合使用。A faster option is to use Azure Application Gateway with two backend pools, and a routing rule. 也可以使用支持快速切换暂存槽和生产槽的 Azure 应用服务托管应用程序。Alternatively, you could host your application with Azure App service which provides support for fast switching between staging and production slots.

如何为静态专用 IP 地址分配指定专用 IP 地址范围?How do I specify a range of private IP addresses to use for static private IP address allocation?

IP 地址是从指定的子网中选择的。IP addresses are selected from a subnet that you specify.

虚拟机规模集 IP 地址的分配方法始终为“动态”,但这并不意味着可以更改这些 IP 地址。The allocation method of virtual machine scale set IP addresses is always “dynamic,” but that doesn't mean that these IP addresses can change. 在这种情况下,“动态”仅意味不在 PUT 请求中指定 IP 地址。In this case, "dynamic" only means that you do not specify the IP address in a PUT request. 通过使用子网设置静态集。Specify the static set by using the subnet.

如何将虚拟机规模集部署到现有的 Azure 虚拟网络?How do I deploy a virtual machine scale set to an existing Azure virtual network?

若要将虚拟机规模集部署到现有的 Azure 虚拟网络,请参阅将虚拟机规模集部署到现有的 Azure 虚拟网络To deploy a virtual machine scale set to an existing Azure virtual network, see Deploy a virtual machine scale set to an existing virtual network.

能否将规模集与加速网络结合使用?Can I use scale sets with Accelerated Networking?

是的。Yes. 若要使用加速网络,请在规模集的 networkInterfaceConfigurations 设置中将 enableAcceleratedNetworking 设置为 true。To use accelerated networking, set enableAcceleratedNetworking to true in your scale set's networkInterfaceConfigurations settings. 例如For example

"networkProfile": {
    "networkInterfaceConfigurations": [
        {
            "name": "niconfig1",
            "properties": {
                "primary": true,
                "enableAcceleratedNetworking" : true,
                "ipConfigurations": [
                ]
            }
        }
    ]
}

如何配置规模集使用的 DNS 服务器?How can I configure the DNS servers used by a scale set?

若要创建具有自定义 DNS 配置的虚拟机规模集,请将 dnsSettings JSON 数据包添加到规模集的 networkInterfaceConfigurations 部分中。To create a virtual machine scale set with a custom DNS configuration, add a dnsSettings JSON packet to the scale set networkInterfaceConfigurations section. 示例:Example:

    "dnsSettings":{
        "dnsServers":["10.0.0.6", "10.0.0.5"]
    }

如何将规模集配置为向每个 VM 分配公共 IP 地址?How can I configure a scale set to assign a public IP address to each VM?

要创建向每个 VM 分配公共 IP 地址的虚拟机规模集,请确保 Microsoft.Compute/virtualMachineScaleSets 资源的 API 版本为 2017-03-30,并将 publicipaddressconfiguration JSON 数据包添加到规模集的 ipConfigurations 部分中。To create a virtual machine scale set that assigns a public IP address to each VM, make sure the API version of the Microsoft.Compute/virtualMachineScaleSets resource is 2017-03-30, and add a publicipaddressconfiguration JSON packet to the scale set ipConfigurations section. 示例:Example:

    "publicipaddressconfiguration": {
        "name": "pub1",
        "properties": {
        "idleTimeoutInMinutes": 15
        }
    }

能否配置与多个应用程序网关配合使用的规模集?Can I configure a scale set to work with multiple Application Gateways?

是的。Yes. 可将多个应用程序网关后端地址池的资源 ID 添加到规模集网络配置文件的 ipConfigurations 部分的 applicationGatewayBackendAddressPools 列表中。You can add the resource IDs for multiple Application Gateway backend address pools to the applicationGatewayBackendAddressPools list in the ipConfigurations section of your scale set network profile.

缩放Scale

在哪些情况下我会创建包含少于两个 VM 的虚拟机规模集?In what case would I create a virtual machine scale set with fewer than two VMs?

创建包含少于两个 VM 的虚拟机规模集的原因之一为需要使用虚拟机规模集的弹性属性。One reason to create a virtual machine scale set with fewer than two VMs would be to use the elastic properties of a virtual machine scale set. 例如,可以部署不包含任何 VM 的虚拟机规模集来定义基础结构,这样就无需支付 VM 运行费。For example, you could deploy a virtual machine scale set with zero VMs to define your infrastructure without paying VM running costs. 然后,在准备好部署 VM 后,将虚拟机规模集的“容量”提高到生产实例计数。Then, when you are ready to deploy VMs, increase the “capacity” of the virtual machine scale set to the production instance count.

可能创建包含少于两个 VM 的虚拟机规模集的另一个原因为,相比于使用离散 VM 的可用性集,不必担心可用性的问题。Another reason you might create a virtual machine scale set with fewer than two VMs is if you're concerned less with availability than in using an availability set with discrete VMs. 此外,可以借助虚拟机规模集来使用可替代的无差别计算单元。Virtual machine scale sets give you a way to work with undifferentiated compute units that are fungible. 这种一致性是虚拟机规模集相比可用性集存在的一项重要优势。This uniformity is a key differentiator for virtual machine scale sets versus availability sets. 许多无状态工作负载不跟踪单个单元。Many stateless workloads do not track individual units. 如果工作负载下降,可以减少到一个计算单元,如果工作负载上升,可以增加到多个计算单元。If the workload drops, you can scale down to one compute unit, and then scale up to many when the workload increases.

如何更改虚拟机规模集中的 VM 数目?How do I change the number of VMs in a virtual machine scale set?

若要在 Azure 门户中更改虚拟机规模集中的 VM 数,请从“虚拟机规模集属性”部分,单击“缩放”边栏选项卡,并使用滚动条。To change the number of VMs in a virtual machine scale set in the Azure portal, from the virtual machine scale set properties section, click on the "Scaling" blade and use the slider bar.

如何定义达到特定阈值时触发的自定义警报?How do I define custom alerts for when certain thresholds are reached?

可以在一定程度上灵活处理指定阈值的警报。You have some flexibility in how you handle alerts for specified thresholds. 例如,可以定义自定义的 webhook。For example, you can define customized webhooks. 以下 webhook 示例取自 Resource Manager 模板:The following webhook example is from a Resource Manager template:

{
    "type": "Microsoft.Insights/autoscaleSettings",
    "apiVersion": "[variables('insightsApi')]",
    "name": "autoscale",
    "location": "[parameters('resourceLocation')]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachineScaleSets/', parameters('vmSSName'))]"
    ],
    "properties": {
        "name": "autoscale",
        "targetResourceUri": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachineScaleSets/', parameters('vmSSName'))]",
        "enabled": true,
        "notifications": [
            {
                "operation": "Scale",
                "email": {
                    "sendToSubscriptionAdministrator": true,
                    "sendToSubscriptionCoAdministrators": true,
                    "customEmails": [
                        "youremail@address.com"
                    ]
                },
                "webhooks": [
                    {
                        "serviceUri": "<service uri>",
                        "properties": {
                            "key1": "custommetric",
                            "key2": "scalevmss"
                        }
                    }
                ]
            }
        ]
    }
}

修补和操作Patching and operations

能否在现有资源组中创建规模集?Can I create a scale set in an existing resource group?

能,可以在现有资源组中创建规模集。Yes, you can create a scale set in an existing resource group.

能否将规模集移到其他资源组?Can I move a scale set to another resource group?

是的,可以将规模集资源移到新订阅或资源组。Yes, you can move scale set resources to a new subscription or resource group.

如何将虚拟机规模集更新为新映像?How to I update my virtual machine scale set to a new image? 如何管理修补?How do I manage patching?

若要将虚拟机规模集更新为新映像,或管理修补,请参阅升级虚拟机规模集To update your virtual machine scale set to a new image, and to manage patching, see Upgrade a virtual machine scale set.

是否可以在不更改映像的情况下,使用重置映像操作来重置 VM?Can I use the reimage operation to reset a VM without changing the image? (也就是说,将 VM 重置为出厂设置而不是重置为新映像)(That is, I want reset a VM to factory settings rather than to a new image.)

可以在不更改映像的情况下,使用重置映像操作来重置 VM。Yes, you can use the reimage operation to reset a VM without changing the image. 但是,如果虚拟机规模集使用 version = latest 引用了平台映像,则调用 reimage 时,VM 可以更新为更高版本的 OS 映像。However, if your virtual machine scale set references a platform image with version = latest, your VM can update to a later OS image when you call reimage.

是否可以将规模集与 Azure Monitor 日志集成?Is it possible to integrate scale sets with Azure Monitor logs?

可以,可在规模集 VM 上安装 Azure Monitor 扩展。Yes, you can by installing the Azure Monitor extension on the scale set VMs. Azure CLI 示例如下:Here is an Azure CLI example:

az vmss extension set --name MicrosoftMonitoringAgent --publisher Microsoft.EnterpriseCloud.Monitoring --resource-group Team-03 --vmss-name nt01 --settings "{'workspaceId': '<your workspace ID here>'}" --protected-settings "{'workspaceKey': '<your workspace key here'}"

可在 Azure 门户的 Log Analytics 工作区中查找所需的 workspaceId 和 workspaceKey。You can find the required workspaceId and workspaceKey in the Log Analytics workspace of Azure portal. 在“概述”页面上,单击“设置”磁贴。On the Overview page, click the Settings tile. 单击顶部的“相连的源”选项卡。Click the Connected Sources tab at the top.

备注

如果规模集 upgradePolicy 设置为“手动”,则需要通过对 VM 调用升级将扩展应用到集中的所有 VM。If your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. 在 CLI 中,这将为“az vmss update-instances”。In CLI this would be az vmss update-instances.

备注

本文最近已更新,从使用术语“Log Analytics”改为使用术语“Azure Monitor 日志”。This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. 日志数据仍然存储在 Log Analytics 工作区中,并仍然由同一 Log Analytics 服务收集并分析。Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. 我们正在更新术语,以便更好地反映 Azure Monitor 中日志的角色。We are updating the terminology to better reflect the role of logs in Azure Monitor. 有关详细信息,请参阅 Azure Monitor 术语更改See Azure Monitor terminology changes for details.

故障排除Troubleshooting

如何启用启动诊断?How do I turn on boot diagnostics?

若要启用启动诊断,首先,创建存储帐户。To turn on boot diagnostics, first, create a storage account. 然后,将此 JSON 块放在虚拟机规模集 virtualMachineProfile 中,并更新虚拟机规模集:Then, put this JSON block in your virtual machine scale set virtualMachineProfile, and update the virtual machine scale set:

"diagnosticsProfile": {
    "bootDiagnostics": {
        "enabled": true,
        "storageUri": "http://yourstorageaccount.blob.core.chinacloudapi.cn"
    }
}

创建新 VM 时,VM 的 InstanceView 属性显示屏幕截图的详细信息等等。When a new VM is created, the InstanceView property of the VM shows the details for the screenshot, and so on. 下面是一个示例:Here's an example:

"bootDiagnostics": {
    "consoleScreenshotBlobUri": "https://o0sz3nhtbmkg6geswarm5.blob.core.chinacloudapi.cn/bootdiagnostics-swarmagen-4157d838-8335-4f78-bf0e-b616a99bc8bd/swarm-agent-9574AE92vmss-0_2.4157d838-8335-4f78-bf0e-b616a99bc8bd.screenshot.bmp",
    "serialConsoleLogBlobUri": "https://o0sz3nhtbmkg6geswarm5.blob.core.chinacloudapi.cn/bootdiagnostics-swarmagen-4157d838-8335-4f78-bf0e-b616a99bc8bd/swarm-agent-9574AE92vmss-0_2.4157d838-8335-4f78-bf0e-b616a99bc8bd.serialconsole.log"
}

虚拟机属性Virtual machine properties

如何在不发出多个调用的情况下获取每个 VM 的属性信息?How do I get property information for each VM without making multiple calls? 例如,对于虚拟机规模集中的 100 个 VM,如何获取每个 VM 的的容错域?For example, how would I get the fault domain for each of the 100 VMs in my virtual machine scale set?

若要在不发出多个调用的情况下获取每个 VM 的属性信息,通过在以下资源 URI 上执行 REST API GET调用 ListVMInstanceViewsTo get property information for each VM without making multiple calls, you can call ListVMInstanceViews by doing a REST API GET on the following resource URI:

/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Compute/virtualMachineScaleSets/<scaleset_name>/virtualMachines?$expand=instanceView&$select=instanceView/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Compute/virtualMachineScaleSets/<scaleset_name>/virtualMachines?$expand=instanceView&$select=instanceView

是否可将不同的扩展参数传递给虚拟机规模集中的不同 VM?Can I pass different extension arguments to different VMs in a virtual machine scale set?

不可以将不同的扩展参数传递给虚拟机规模集中的不同 VM。No, you cannot pass different extension arguments to different VMs in a virtual machine scale set. 但是,扩展可以根据它们运行所在的 VM 的唯一属性(例如计算机名)运行。However, extensions can act based on the unique properties of the VM they are running on, such as on the machine name. 扩展还可以在 http://169.254.169.254 上查询实例元数据来获取更多关于 VM 的信息。Extensions also can query instance metadata on http://169.254.169.254 to get more information about the VM.

虚拟机规模集 VM 计算机名和 VM ID 为什么不是连续的?Why are there gaps between my virtual machine scale set VM machine names and VM IDs? 例如:0, 1, 3...For example: 0, 1, 3...

虚拟机规模集 VM 计算机名和 VM ID 不连续是因为虚拟机规模集的 overprovision 属性设置为默认值 trueThere are gaps between your virtual machine scale set VM machine names and VM IDs because your virtual machine scale set overprovision property is set to the default value of true. 如果 overprovision 设置为 true,创建的 VM 数量会超过请求数量。If overprovisioning is set to true, more VMs than requested are created. 然后,将删除多余的 VM。Extra VMs are then deleted. 在这种情况下,虽然部署可靠性得到提高,但代价是无法遵守连续命名和连续网络地址转换 (NAT) 规则。In this case, you gain increased deployment reliability, but at the expense of contiguous naming and contiguous Network Address Translation (NAT) rules.

可将此属性设置为 falseYou can set this property to false. 对于小型虚拟机规模集,不会显著影响部署可靠性。For small virtual machine scale sets, this doesn't significantly affect deployment reliability.

删除虚拟机规模集中的 VM 与解除分配 VM 有什么区别?What is the difference between deleting a VM in a virtual machine scale set and deallocating the VM? 如何在这两种做法之间做出选择?When should I choose one over the other?

删除虚拟机规模集中的 VM 与解除分配 VM 的主要区别在于 deallocate 不会删除虚拟硬盘 (VHD)。The main difference between deleting a VM in a virtual machine scale set and deallocating the VM is that deallocate doesn’t delete the virtual hard disks (VHDs). 运行 stop deallocate 会产生存储费用。There are storage costs associated with running stop deallocate. 采用其中一种做法可能是由于以下原因之一:You might use one or the other for one of the following reasons:

  • 不再想要支付计算费用,但要保留 VM 的磁盘状态。You want to stop paying compute costs, but you want to keep the disk state of the VMs.
  • 想要更快速地启动一组 VM,而不是扩大虚拟机规模集。You want to start a set of VMs more quickly than you could scale out a virtual machine scale set.
    • 出于这种方案,可能创建了自己的自动缩放引擎,并希望以更快的速度完成端到端缩放。Related to this scenario, you might have created your own autoscale engine and want a faster end-to-end scale.
  • 虚拟机规模集未均匀分布在容错域或更新域。You have a virtual machine scale set that is unevenly distributed across fault domains or update domains. 这可能是由于有选择地删除了 VM,或者因为过度预配后,VM 被删除。This might be because you selectively deleted VMs, or because VMs were deleted after overprovisioning. 在虚拟机规模集上先运行 stop deallocate,并运行 start,可将 VM 均匀地分布到容错域或更新域。Running stop deallocate followed by start on the virtual machine scale set evenly distributes the VMs across fault domains or update domains.

如何创建虚拟机规模集实例的快照?How do I take a snapshot of a virtual machine scale set instance?

从虚拟机规模集实例创建快照。Create a snapshot from an instance of a virtual machine scale set.

$rgname = "myResourceGroup"
$vmssname = "myVMScaleSet"
$Id = 0
$location = "China North"

$vmss1 = Get-AzVmssVM -ResourceGroupName $rgname -VMScaleSetName $vmssname -InstanceId $Id     
$snapshotconfig = New-AzSnapshotConfig -Location $location -AccountType Standard_LRS -OsType Windows -CreateOption Copy -SourceUri $vmss1.StorageProfile.OsDisk.ManagedDisk.id
New-AzSnapshot -ResourceGroupName $rgname -SnapshotName 'mySnapshot' -Snapshot $snapshotconfig

从快照创建托管磁盘。Create a managed disk from the snapshot.

$snapshotName = "mySnapshot"
$snapshot = Get-AzSnapshot -ResourceGroupName $rgname -SnapshotName $snapshotName  
$diskConfig = New-AzDiskConfig -AccountType Premium_LRS -Location $location -CreateOption Copy -SourceResourceId $snapshot.Id
$osDisk = New-AzDisk -Disk $diskConfig -ResourceGroupName $rgname -DiskName ($snapshotName + '_Disk')