使用 Azure PowerShell 创建共享映像库Create a shared image gallery with Azure PowerShell

共享映像库大大简化了整个组织中的自定义映像共享。A Shared Image Gallery simplifies custom image sharing across your organization. 自定义映像类似于市场映像,不同的是自定义映像的创建者是自己。Custom images are like marketplace images, but you create them yourself. 自定义映像可用于启动部署任务,例如预加载应用程序、应用程序配置和其他 OS 配置。Custom images can be used to bootstrap deployment tasks like preloading applications, application configurations, and other OS configurations.

使用共享映像库,你可以在 AAD 租户内在同一区域或跨区域与组织中的其他用户共享自定义 VM 映像。The Shared Image Gallery lets you share your custom VM images with others in your organization, within or across regions, within an AAD tenant. 选择要共享哪些映像,要在哪些区域中共享,以及希望与谁共享它们。Choose which images you want to share, which regions you want to make them available in, and who you want to share them with. 你可以创建多个库,以便可以按逻辑方式对共享映像进行分组。You can create multiple galleries so that you can logically group shared images.

库是顶级资源,它提供完全基于角色的访问控制 (RBAC)。The gallery is a top-level resource that provides full role-based access control (RBAC). 你可以控制映像的版本,并且可以选择将每个映像版本复制到一组不同的 Azure 区域。Images can be versioned, and you can choose to replicate each image version to a different set of Azure regions. 库仅适用于托管映像。The gallery only works with Managed Images.

共享映像库功能具有多种资源类型。The Shared Image Gallery feature has multiple resource types.

资源Resource 说明Description
映像源Image source 这是可用于在映像库中创建“映像版本”的资源 。This is a resource that can be used to create an image version in an image gallery. 映像源可以是现有的 Azure VM(可以是通用或专用的)、托管映像、快照或其他映像库中的映像版本。An image source can be an existing Azure VM that is either generalized or specialized, a managed image, a snapshot, or an image version in another image gallery.
映像库Image gallery 与 Azure 市场一样,映像库是用于管理和共享映像的存储库,但你可以控制谁有权访问这些映像。Like the Azure Marketplace, an image gallery is a repository for managing and sharing images, but you control who has access.
映像定义Image definition 映像定义在库中创建,携带有关该映像以及在内部使用该映像的要求的信息。Image definitions are created within a gallery and carry information about the image and requirements for using it internally. 这包括了该映像是 Windows 还是 Linux 映像、发行说明以及最低和最高内存要求。This includes whether the image is Windows or Linux, release notes, and minimum and maximum memory requirements. 它是某种映像类型的定义。It is a definition of a type of image.
映像版本Image version 使用库时,将使用映像版本来创建 VM。An image version is what you use to create a VM when using a gallery. 可根据环境的需要创建多个映像版本。You can have multiple versions of an image as needed for your environment. 与托管映像一样,在使用映像版本创建 VM 时,将使用映像版本来创建 VM 的新磁盘。Like a managed image, when you use an image version to create a VM, the image version is used to create new disks for the VM. 可以多次使用映像版本。Image versions can be used multiple times.

映像库是用于启用映像共享的主要资源。An image gallery is the primary resource used for enabling image sharing. 允许用于库名称的字符为大写或小写字母、数字、点和句点。Allowed characters for Gallery name are uppercase or lowercase letters, digits, dots, and periods. 库名称不能包含短划线。The gallery name cannot contain dashes. 库名称在你的订阅中必须唯一。Gallery names must be unique within your subscription.

使用 New-AzGallery 创建映像库。Create an image gallery using New-AzGallery. 以下示例在“myGalleryRG”资源组中创建名为“myGallery”的库 。The following example creates a gallery named myGallery in the myGalleryRG resource group.

$resourceGroup = New-AzResourceGroup `
   -Name 'myGalleryRG' `
   -Location 'China North'  
$gallery = New-AzGallery `
   -GalleryName 'myGallery' `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $resourceGroup.Location `
   -Description 'Shared Image Gallery for my organization'  

建议在映像库级别共享访问权限。We recommend that you share access at the image gallery level. 使用电子邮件地址和 Get-AzADUser cmdlet 获取用户的对象 ID,然后使用 New-AzRoleAssignment 为用户授予对库的访问权限。Use an email address and the Get-AzADUser cmdlet to get the object ID for the user, then use New-AzRoleAssignment to give them access to the gallery. 请将此示例中的示例电子邮件地址 alinne_montes@contoso.com 替换为你自己的信息。Replace the example email, alinne_montes@contoso.com in this example, with your own information.

# Get the object ID for the user
$user = Get-AzADUser -StartsWith alinne_montes@contoso.com
# Grant access to the user for our gallery
New-AzRoleAssignment `
   -ObjectId $user.Id `
   -RoleDefinitionName Reader `
   -ResourceName $gallery.Name `
   -ResourceType Microsoft.Compute/galleries `
   -ResourceGroupName $resourceGroup.ResourceGroupName

后续步骤Next steps

VM托管映像另一个库中的映像创建映像。Create an image from a VM, a managed image, or an image in another gallery.

此外可以使用模板创建共享映像库资源。You can also create Shared Image Gallery resource using templates. 提供多个 Azure 快速入门模板:There are several Azure Quickstart Templates available: