Quickstart: Create and encrypt a Linux VM with the Azure CLI

The Azure CLI is used to create and manage Azure resources from the command line or in scripts. This quickstart shows you how to use the Azure CLI to create and encrypt a Linux virtual machine (VM).

If you don't have an Azure subscription, create a trial account before you begin.

Note

Before you can use Azure CLI 2.0 in Azure China, first run az cloud set -n AzureChinaCloud to change the cloud environment. If you want to switch back to Global Azure, run az cloud set -n AzureCloud again.

If you choose to install and use the Azure CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.30 or later. Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.

Create a resource group

Create a resource group with the az group create command. An Azure resource group is a logical container into which Azure resources are deployed and managed. The following example creates a resource group named myResourceGroup in the chinanorth2 location:

az group create --name "myResourceGroup" --location "chinanorth2"

Create a virtual machine

Create a VM with az vm create. The following example creates a VM named myVM.

az vm create \
    --resource-group "myResourceGroup" \
    --name "myVM" \
    --image "Canonical:UbuntuServer:16.04-LTS:latest" \
    --size "Standard_D2S_V3" \
    --generate-ssh-keys

It takes a few minutes to create the VM and supporting resources. The following example output shows the VM create operation was successful.

{
  "fqdns": "",
  "id": "/subscriptions/<guid>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM",
  "location": "chinanorth2",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.4",
  "publicIpAddress": "52.174.34.95",
  "resourceGroup": "myResourceGroup"
}

Create a Key Vault configured for encryption keys

Azure Disk Encryption stores its encryption key in an Azure Key Vault. Create a Key Vault with az keyvault create. To enable the Key Vault to store encryption keys, use the --enabled-for-disk-encryption parameter.

Important

Every key vault must have a name that is unique across Azure. In the examples below, replace <your-unique-keyvault-name> with the name you choose.

az keyvault create --name "<your-unique-keyvault-name>" --resource-group "myResourceGroup" --location "chinanorth2" --enabled-for-disk-encryption

Encrypt the virtual machine

Encrypt your VM with az vm encryption, providing your unique Key Vault name to the --disk-encryption-keyvault parameter.

az vm encryption enable -g "MyResourceGroup" --name "myVM" --disk-encryption-keyvault "<your-unique-keyvault-name>"

After a moment the process will return, "The encryption request was accepted. Please use 'show' command to monitor the progress." The "show" command is az vm show.

az vm show --name "myVM" -g "MyResourceGroup"

When encryption is enabled, you will see the following in the returned output:

"EncryptionOperation": "EnableEncryption"

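The status check above can be scripted so that later steps only run once encryption is reported as enabled. The following is an added example, not part of the original quickstart: it polls a show command until its output contains the "EncryptionOperation": "EnableEncryption" setting. The function names, the retry count and delay, and the sample JSON shape are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate a script on the encryption status shown by "az vm show".

# Succeeds when the JSON on stdin contains the setting the quickstart names.
# Whitespace is stripped first so the match ignores the CLI's indentation.
has_encryption_enabled() {
    tr -d ' \t\r\n' | grep -q '"EncryptionOperation":"EnableEncryption"'
}

# wait_for_encryption ATTEMPTS DELAY_SECONDS SHOW_COMMAND [ARGS...]
# Returns 0 once enabled, 1 if attempts run out, 2 if the show command fails.
wait_for_encryption() {
    attempts=$1
    delay=$2
    shift 2
    i=1
    while [ "$i" -le "$attempts" ]; do
        out=$("$@") || return 2
        if printf '%s' "$out" | has_encryption_enabled; then
            return 0
        fi
        if [ "$i" -lt "$attempts" ]; then
            sleep "$delay"
        fi
        i=$((i + 1))
    done
    return 1
}

# Constructed sample output (shape assumed; only the key/value is from the page).
sample_enabled_output() {
    cat <<'EOF'
{
  "name": "myVM",
  "resources": [
    { "settings": { "EncryptionOperation": "EnableEncryption" } }
  ]
}
EOF
}

# Offline demonstration against the constructed sample.
wait_for_encryption 1 0 sample_enabled_output && echo "encryption enabled"

# Against a real VM (commands from the quickstart), poll every 20 s, 30 times:
#   wait_for_encryption 30 20 az vm show --name "myVM" -g "MyResourceGroup"
```

A return code of 1 means the setting never appeared within the allowed attempts, so a deployment script should stop rather than continue with an unencrypted VM.
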
Clean up resources

When no longer needed, you can use the az group delete command to remove the resource group, VM, and Key Vault.

az group delete --name "myResourceGroup"

Next steps

In this quickstart, you created a virtual machine, created a Key Vault that was enabled for encryption keys, and encrypted the VM. Advance to the next article to learn more about Azure Disk Encryption for Linux VMs.