使用Azure虚拟机和托管磁盘(使用ARM部署模型),我最近遇到了以下我想解决的问题:为了从测试目的的托管磁盘获取生产数据,我想克隆将生产数据磁盘从“生产订阅”转换为“开发订阅”中的托管磁盘,在那里我可以安全地使用数据。如何将Azure托管磁盘克隆到其他订阅中?
我们正在讨论很多数据(200 GB +),因此实际的“复制”过程需要太多的时间。我希望能够在半小时内自动化事物并提供新的环境。
克隆订阅中的托管磁盘(鉴于它位于同一区域)非常简单而且快速,我只需要指定一个--source命令即az disk create命令。这显然不适用于所有订阅,至少是因为开发订阅的登录用户/服务主体无法访问生产订阅资源。
我迄今为止尝试:
az disk grant-access来检索SAS的URI管理的磁盘;这件事情不被接受为--source用于az disk create虽然(它说VHD SAS链路会的工作,虽然...)任何想法?
我这样做:
$RG = "youresourcegroup"
$Location = "West US 2"
$StorageAccName = "yourstorage"
$SkuName = "Standard_LRS"
$Containername = "images"
$Destdiskname = “yorblob.vhd”
$SourceSASurl = "https://yoursaasurl"
Login-AzureRmAccount
New-AzureRmResourceGroup -Name $RG -Location $Location
New-AzureRmStorageAccount -ResourceGroupName $RG -Name $StorageAccName -SkuName $SkuName -kind Storage -Location $Location
$Storageacccountkey = Get-AzureRmStorageAccountKey -ResourceGroupName $RG -Name $StorageAccName
$Storagectx = New-AzureStorageContext -StorageAccountName $StorageAccName -StorageAccountKey $Storageacccountkey[0].Value
$Targetcontainer = New-AzureStorageContainer -Name $Containername -Context $storagectx -Permission Blob
$sourceSASurl = $mdiskURL.AccessSAS
$ops = Start-AzureStorageBlobCopy -AbsoluteUri $SourceSASurl -DestBlob $Destdiskname -DestContainer $Containername -DestContext $Storagectx
Get-AzureStorageBlobCopyState -Container $Containername -Blob $Destdiskname -Context $Storagectx -WaitForComplete
在此之后,你将有管理的磁盘的拷贝在存储为普通的blob您的订阅。
要小心,您应该从Production订阅中获取SAS URL,但在脚本中您应该登录到开发订阅。
接下来,您可以转到Azure门户并将blob转换为托管磁盘。
转到Azure的门户网站 - >更多服务 - >磁盘或直接浏览此网址https://portal.azure.com/#create/Microsoft.ManagedDisk-ARM
点击+添加
选择源作为存储BLOB
选择你的vhd使用源blob字段。
这是我写的脚本,用于将每个虚拟机的所有托管磁盘从一个订阅迁移到另一个订阅。我希望这可以帮助你。
# This script will get ALL VMs in a subscription and then migrate the disks
if the VM has managed disks
# Created by Joey Brakefield -- @kfprugger & https://www.linkedin.com/in/joeybrakefield/
#set global variables
$sourceSubscriptionId='6a1b5e5e-df06-4608-a7a2-6984f7abacd8'
select-azurermsubscription -subscriptionid $sourceSubscriptionId
$vms = get-azurermvm
$targetSubscriptionId='929e0340-bf36-45a2-8347-47f86b4715de'
#looping logic for each of the VMs that have managed disks
foreach ($vm in $vms) {
select-azurermsubscription -subscriptionid $sourceSubscriptionId
$vmrg = get-azurermresourcegroup -name $vm.ResourceGroupName
$vmname = $vm.name
Write-Host = "Working with: " $vmname " in " $vmrg -foregroundcolor Green
Write-Host ""
#This command will only target managed disks because unmanaged use the storage account locations rather than the /disks provider URIs
if (Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name})
{
#Sanity Check
#Read-host "Look correct? If not, CTRL-C to Break"
$manageddisk = Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name}
Select-AzureRmSubscription -SubscriptionId $targetSubscriptionId
#check to see if RG exists in the new CSP/Subscription
Get-AzureRmResourceGroup -Name $vmrg.resourcegroupname -ev notPresent -ea 0
write-host "Checking to see if"$vmrg.resourcegroupname"exists in subscriptionid"$targetSubscriptionId -foregroundcolor Cyan
Write-Host ""
if ($notPresent)
{
new-azurermresourcegroup -name $vmrg.resourcegroupname -location $vmrg.location
"Resource Group " + $vmrg.resourcegroupname + " has been created"
} else {"Resource Group " + $vmrg.resourcegroupname + " already exists"}
# Move the disks after all checks are done
foreach ($disk in $managedDisk){
$managedDiskName = $disk.Name
$targetResourceGroupName = $vmrg.resourcegroupname
$diskConfig = New-AzureRmDiskConfig -SourceResourceId $disk.Id -Location $disk.Location -CreateOption Copy
New-AzureRmDisk -Disk $diskConfig -DiskName $Disk.Name -ResourceGroupName $targetResourceGroupName}
}
}
可以使用下面的命令在天青CLI -
# Source storage account name
STORAGE1=sourcestorage
#Security key of the source storage account
STORAGEKEY1= SampleKey0qNzttE/EX3hHfcFIzkQQmqXklRU2Z2uANICw==
#Container containing the source VHD
CONTAINER1=sourcevhds
# Name of VHD to be copied (name only, not full url)
DISK=DiskToBeCopied.vhd
#Specify the above properties for target
STORAGE2=targetstorage
STORAGEKEY2= SampleKeyAb6FYP3EqFVEcN2cc5wO QHzXvdc7Gzh1qRt0FXKq6w==
CONTAINER2= targetvhds
设定上述参数后,在天青CLI执行以下命令 -
azure storage blob copy start --account-name $STORAGE1 --account-key $STORAGEKEY1 --source-container $CONTAINER1 --source-blob $Disk --dest-account-name $STORAGE2 --dest-account-key $STORAGEKEY2 --dest-container $CONTAINER2
井,授予访问权限给用户? – 4c74356b41
当有问题的用户是服务负责人时,必须尝试是否有效。怀疑它,因为那些属于订阅afaik。 – donmartin
我很惊讶sas uri无法通过订阅工作 - 当您尝试运行cmd时磁盘在线吗?您可以在多个潜在客户中授予SP许可权(至少在同一个承租人中,不知道是否在整个承租人身上)。另一个选择是尝试模板部署。 –