Manage VNet endpoints - Azure CLI - Azure Database for MySQL | Microsoft Docs


Create and manage Azure Database for MySQL VNet service endpoints using Azure CLI

3/18/2020


Virtual Network (VNet) service endpoints and rules extend the private address space of a Virtual Network to your Azure Database for MySQL server. Using Azure Command Line Interface (CLI) commands, you can create, update, delete, list, and show VNet service endpoints and rules to manage your server. For an overview of Azure Database for MySQL VNet service endpoints, including limitations, see Azure Database for MySQL Server VNet service endpoints. VNet service endpoints are available in all supported regions for Azure Database for MySQL.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

Use the Bash environment in Azure Cloud Shell.


If you prefer, install the Azure CLI to run CLI reference commands.

If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.

When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.

Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

This article requires version 2.0 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Note

Support for VNet service endpoints is only for General Purpose and Memory Optimized servers.

In case of VNet peering, if traffic is flowing through a common VNet Gateway with service endpoints and is supposed to flow to the peer, create an ACL/VNet rule to allow Azure Virtual Machines in the Gateway VNet to access the Azure Database for MySQL server.

Configure VNet service endpoints for Azure Database for MySQL

The az network vnet commands are used to configure Virtual Networks.

If you have multiple subscriptions, choose the appropriate subscription in which the resource should be billed. Select the specific subscription ID under your account using the az account set command. Substitute the id property from the az login output for your subscription into the subscription ID placeholder.

The account must have the necessary permissions to create a virtual network and service endpoint.

Service endpoints can be configured on virtual networks independently, by a user with write access to the virtual network.

To secure Azure service resources to a VNet, the user must have permission to "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/" for the subnets being added. This permission is included in the built-in service administrator roles by default, and can be modified by creating custom roles.

Learn more about built-in roles and assigning specific permissions to custom roles.

VNets and Azure service resources can be in the same or different subscriptions. If the VNet and Azure service resources are in different subscriptions, the resources should be under the same Active Directory (AD) tenant. Ensure that both the subscriptions have the Microsoft.Sql resource provider registered. For more information, see Resource Manager registration.

Important

It is highly recommended to read this article about service endpoint configurations and considerations before running the sample script below, or configuring service endpoints.

Virtual Network service endpoint: A Virtual Network service endpoint is a subnet whose property values include one or more formal Azure service type names. VNet service endpoints use the service type name Microsoft.Sql, which refers to the Azure service named SQL Database. This service tag also applies to the Azure SQL Database, Azure Database for PostgreSQL and MySQL services.

It is important to note that applying the Microsoft.Sql service tag to a VNet service endpoint configures service endpoint traffic for all Azure Database services, including Azure SQL Database, Azure Database for PostgreSQL and Azure Database for MySQL servers on the subnet.

Sample script to create an Azure Database for MySQL database, create a VNet, VNet service endpoint and secure the server to the subnet with a VNet rule

In this sample script, change the highlighted lines to customize the admin username and password. Replace the SubscriptionID used in the az account set --subscription command with your own subscription identifier.

#!/bin/bash

# To find the name of an Azure region in the CLI run this command: az account list-locations

# Substitute <subscription-id> with your identifier
az account set --subscription "<subscription-id>"

# Create a resource group
az group create \
  --name myresourcegroup \
  --location westus

# Create a MySQL server in the resource group
# Name of a server maps to DNS name and is thus required to be globally unique in Azure.
# Substitute the <server_admin_password> with your own value.
az mysql server create \
  --name mydemoserver \
  --resource-group myresourcegroup \
  --location westus \
  --admin-user mylogin \
  --admin-password "<server_admin_password>" \
  --sku-name GP_Gen4_2

# Get available service endpoints for Azure region; output is JSON
# Use the command below to get the list of services supported for endpoints, for an Azure region, say "westus".
az network vnet list-endpoint-services \
  -l westus

# Add Azure SQL service endpoint to a subnet *mySubnet* while creating the virtual network *myVNet*; output is JSON
az network vnet create \
  -g myresourcegroup \
  -n myVNet \
  --address-prefixes 10.0.0.0/16 \
  -l westus

# Creates the service endpoint
az network vnet subnet create \
  -g myresourcegroup \
  -n mySubnet \
  --vnet-name myVNet \
  --address-prefix 10.0.1.0/24 \
  --service-endpoints Microsoft.SQL

# View service endpoints configured on a subnet
az network vnet subnet show \
  -g myresourcegroup \
  -n mySubnet \
  --vnet-name myVNet

# Create a VNet rule on the server to secure it to the subnet
# Note: resource group (-g) parameter is where the database exists.
# VNet resource group if different should be specified using subnet id (URI) instead of subnet, VNet pair.
az mysql server vnet-rule create \
  -n myRule \
  -g myresourcegroup \
  -s mydemoserver \
  --vnet-name myVNet \
  --subnet mySubnet
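A follow-up check, added here and not part of the original article: it confirms that the subnet really carries a provisioned Microsoft.Sql endpoint and that every VNet rule on the server points at the intended subnet and is Ready. The function names, finding labels, the all-zero subscription ID and the second rule (legacyRule) are assumptions constructed for the example; the az commands that produce the real input appear in the comments.

```shell
#!/bin/sh
# Added example. Inputs are the TSV text printed by these read-only commands:
#   az network vnet subnet show -g myresourcegroup --vnet-name myVNet -n mySubnet \
#     --query "serviceEndpoints[].[service, provisioningState]" -o tsv
#   az mysql server vnet-rule list -g myresourcegroup -s mydemoserver \
#     --query "[].[name, virtualNetworkSubnetId, state]" -o tsv

# Succeeds when the endpoint list contains Microsoft.Sql in state Succeeded.
# The service name is compared case-insensitively (the script passes Microsoft.SQL).
has_sql_endpoint() {
  printf '%s\n' "$1" | awk -F'\t' \
    'tolower($1) == "microsoft.sql" && $2 == "Succeeded" { ok = 1 } END { exit !ok }'
}

# $1 = expected subnet resource ID, $2 = endpoint TSV, $3 = VNet rule TSV.
# Prints one finding per line and nothing when the configuration is consistent.
audit_vnet_rules() {
  has_sql_endpoint "$2" ||
    echo "NO-ENDPOINT: subnet has no provisioned Microsoft.Sql service endpoint"
  printf '%s\n' "$3" | awk -F'\t' -v want="$1" '
    BEGIN { want = tolower(want) }
    NF == 0 { next }
    tolower($2) != want { print "UNEXPECTED-SUBNET: rule " $1 " allows " $2; next }
    $3 != "Ready" { print "NOT-READY: rule " $1 " is in state " $3; next }
    { matched = 1 }
    END { if (!matched) print "NO-RULE: no Ready rule for the expected subnet" }'
}

# Constructed sample data (placeholder subscription ID, hypothetical second rule).
VNET_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Network/virtualNetworks/myVNet"
SUBNET_ID="$VNET_ID/subnets/mySubnet"
SAMPLE_ENDPOINTS=$(printf 'Microsoft.Sql\tSucceeded')
SAMPLE_RULES=$(printf '%s\t%s\t%s\n' \
  myRule "$SUBNET_ID" Ready \
  legacyRule "$VNET_ID/subnets/oldSubnet" Ready)

audit_vnet_rules "$SUBNET_ID" "$SAMPLE_ENDPOINTS" "$SAMPLE_RULES"
```

Resource IDs are compared case-insensitively, so a rule created with a differently cased subnet URI is not reported as a mismatch.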

Clean up deployment

After the script sample has been run, the following command can be used to remove the resource group and all resources associated with it.

#!/bin/bash

az group delete --name myresourcegroup
